[ale] failed ssh login attempts
Googi Singha
googi at mindspring.com
Thu Feb 10 13:43:21 EST 2005
Most of these scan tools seem to use cleartext passwords. If you enable
keys and also follow hints such as the ones below - you should be pretty
safe.
good luck.
-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Sean
Johnson
Sent: Thursday, February 10, 2005 8:54 AM
To: jtrostel at mindspring.com; Atlanta Linux Enthusiasts
Subject: Re: [ale] failed ssh login attempts
Hi all,
Just catching up on this thread... i experienced a lot of these type of
attacks, usually from Asian IPs late at night, so another way i helped
protect my system was by adding 2 cron jobs one that starts the server
at 9AM and shuts it down at 6pm. These are the only times i use it from
work. This is in addition to the following:
1. Disable root login via ssh (as well as all other normal type users
that programs run under) 2. Enable it for only the users that explicity
need it. (use bastille to help) 3. Move default port from 22 4. Limiting
IP addresses from which you can connect to the server (i.e. work)
Sean Johnson
Libranet now Ubuntu! :)
On Wed, 09 Feb 2005 11:48:32 -0500, John Trostel
<jtrostel at mindspring.com> wrote:
> These types of ssh brute force attacks have been occurring for at
> least a year, I think. If your system is exposed to the net for any
> reasonable period of time and runs ssh, it should have been subjected
> to them.
>
> Always good to keep up to date, turn off (and remove) unneeded
> services, and read and apply the handy tips in Bob's book!
>
> --
> John Trostel
> Photon Computer Services
> System Support and Design
> "We're small, fast and discrete"
> 404-247-5112
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list