My server's auth.log contains the following lines. The
entries are a short excerpt from an attack lasting about 30 minutes:
--------------------------------------------------
[...] (starts Jan 30 04:28:04)
Jan 30 05:00:08 server sshd[8117]: Connection from 66.79.165.130 port 42857
Jan 30 05:00:08 server sshd[8117]: Enabling compatibility mode for protocol 2.0
Jan 30 05:00:09 server sshd[8117]: User root not allowed because none of user's groups are listed in AllowGroups
Jan 30 05:00:09 server sshd[8130]: Connection from 66.79.165.130 port 42907
Jan 30 05:00:09 server sshd[8130]: Enabling compatibility mode for protocol 2.0
Jan 30 05:00:11 server sshd[8130]: User root not allowed because none of user's groups are listed in AllowGroups
Jan 30 05:00:11 server sshd[8137]: Connection from 66.79.165.130 port 42944
Jan 30 05:00:11 server sshd[8137]: Enabling compatibility mode for protocol 2.0
Jan 30 05:00:12 server sshd[8137]: User root not allowed because none of user's groups are listed in AllowGroups
Jan 30 05:00:12 server sshd[8147]: Connection from 66.79.165.130 port 43006
Jan 30 05:00:13 server sshd[8147]: Enabling compatibility mode for protocol 2.0
Jan 30 05:00:14 server sshd[8147]: User root not allowed because none of user's groups are listed in AllowGroups
Jan 30 05:00:14 server sshd[8158]: Connection from 66.79.165.130 port 43047
Jan 30 05:00:14 server sshd[8158]: Enabling compatibility mode for protocol 2.0
Jan 30 05:00:15 server sshd[8158]: User root not allowed because none of user's groups are listed in AllowGroups
Jan 30 05:00:15 server sshd[8160]: Connection from 66.79.165.130 port 43081
Jan 30 05:00:16 server sshd[8160]: Enabling compatibility mode for protocol 2.0
Jan 30 05:00:16 server sshd[8160]: User root not allowed because none of user's groups are listed in AllowGroups
Jan 30 05:00:17 server sshd[8174]: Connection from 66.79.165.130 port 43135
Jan 30 05:00:17 server sshd[8174]: Enabling compatibility mode for protocol 2.0
Jan 30 05:00:18 server sshd[8174]: User root not allowed because none of user's groups are listed in AllowGroups
Jan 30 05:00:18 server sshd[8180]: Connection from 66.79.165.130 port 43171
Jan 30 05:00:18 server sshd[8180]: Enabling compatibility mode for protocol 2.0
Jan 30 05:00:19 server sshd[8180]: User root not allowed because none of user's groups are listed in AllowGroups
--------------------------------------------------
Can I prevent this in some way? What should an
sshd_config contain?
Does it make sense to contact the abuse e-mail address of the
relevant provider about attacks like this, or does that sort of thing
come to nothing anyway and isn't worth the effort?
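
In this log format only the "Connection from" line carries the source address, so the "User ... not allowed" rejections have to be joined to it through the sshd PID before attempts can be counted per address, for example when deciding on a block or an abuse report. The following is an added example, not part of the original post; the sample lines are constructed in the same format with documentation-range addresses, and the function names and threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format of the excerpt above; addresses are from
# the documentation ranges, and two sources are interleaved on purpose.
SAMPLE_LOG = """\
Jan 30 05:00:08 server sshd[8117]: Connection from 203.0.113.7 port 42857
Jan 30 05:00:08 server sshd[8125]: Connection from 198.51.100.9 port 51002
Jan 30 05:00:08 server sshd[8117]: Enabling compatibility mode for protocol 2.0
Jan 30 05:00:09 server sshd[8125]: User admin not allowed because none of user's groups are listed in AllowGroups
Jan 30 05:00:09 server sshd[8117]: User root not allowed because none of user's groups are listed in AllowGroups
Jan 30 05:00:09 server sshd[8130]: Connection from 203.0.113.7 port 42907
Jan 30 05:00:11 server sshd[8130]: User root not allowed because none of user's groups are listed in AllowGroups
Jan 30 05:00:11 server sshd[8137]: Connection from 203.0.113.7 port 42944
Jan 30 05:00:12 server sshd[8137]: User root not allowed because none of user's groups are listed in AllowGroups
Jan 30 05:00:12 server sshd[8140]: Connection from 192.0.2.10 port 40100
"""

CONN = re.compile(r"sshd\[(\d+)\]: Connection from (\S+) port \d+")
DENY = re.compile(r"sshd\[(\d+)\]: User (\S+) not allowed because ")

def rejected_by_source(lines):
    """Count rejected logins per (source address, user), joined by sshd PID."""
    pid_to_ip = {}
    counts = Counter()
    for line in lines:
        m = CONN.search(line)
        if m:
            # A new connection overwrites any stale entry for a reused PID.
            pid_to_ip[m.group(1)] = m.group(2)
            continue
        m = DENY.search(line)
        if m:
            # Rejection seen without its connection line (e.g. after log
            # rotation) is counted under "unknown" instead of being dropped.
            ip = pid_to_ip.pop(m.group(1), "unknown")
            counts[(ip, m.group(2))] += 1
    return counts

def noisy_sources(counts, threshold=3):
    """Addresses with at least `threshold` rejections (threshold is arbitrary)."""
    per_ip = Counter()
    for (ip, _user), n in counts.items():
        per_ip[ip] += n
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)

if __name__ == "__main__":
    result = rejected_by_source(SAMPLE_LOG.splitlines())
    print(result, noisy_sources(result))
```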