On Mon, Jul 26, 2004 at 10:28:33AM +0930, David Purton wrote:
> I just noticed a stack of failed attempts to ssh into my box as root
> over the last half an hour or so. I've now blocked the offending ip
> address, so hopefully they'll go away. Is there anything else I
> can/should do? Is it worth complaining to the owner of the subnet?

Could be any number of things, including people mistyping IP addresses,
wannabe script kiddies and you-name-it.

Complaining is unlikely to help, but it probably cannot do much harm
either. Unless of course the complaint gets relayed to the perpetrator
and he decides to DDOS you...

I guess you could tighten things up by only allowing key-based logins:

/etc/ssh/sshd.conf:
    PasswordAuthentication no
    UsePAM no

and make sure that you use privilege separation on ssh (which
unfortunately will break keyboard-interactive pam modules):

/etc/ssh/sshd.conf:
    UsePrivilegeSeparation yes
    PAMAuthenticationViaKbdInt no

Before you do this, you want to make sure that ~/.ssh/authorized_keys is
set up properly :-)

> I don't allow root to log in directly over ssh anyway, so what would a
> person gain from trying to do this?

spending 10 minutes becoming 10 minutes older? And possibly wiser?

HTH
--
Karl E. Jørgensen
karl@jorgensen.com
http://karl.jorgensen.com
==== Today's fortune:
Anything is possible on paper.
		-- Ron McAfee
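
A pre-flight check for the change suggested in the message above, as an added example that is not part of the original message or of OpenSSH: it confirms that the two password-related directives are explicitly set to no and that authorized_keys is usable before password logins are switched off. The function names and the sample configuration are constructed for illustration, and only the global section of the file (before any Match block) is examined.

```python
import os
import stat

# Constructed sample: the directives from the message above, in sshd's file format.
SAMPLE_CONFIG = """\
# constructed sample, not a real host's configuration
PasswordAuthentication no
UsePAM no
UsePrivilegeSeparation yes
"""

def global_settings(config_text):
    """Map lower-cased keyword -> value for the lines before any Match block.
    sshd keeps the first value it reads for a keyword, so later repeats are ignored."""
    settings = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break
        settings.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return settings

def password_logins_off(config_text):
    """True only if both directives named in the message are explicitly set to no."""
    s = global_settings(config_text)
    return all(s.get(k, "").lower() == "no" for k in ("passwordauthentication", "usepam"))

def authorized_keys_problems(home):
    """List reasons key-based login would fail for the account whose home is `home`."""
    ssh_dir = os.path.join(home, ".ssh")
    keys = os.path.join(ssh_dir, "authorized_keys")
    if not os.path.isfile(keys):
        return [keys + " is missing"]
    problems = []
    for path in (home, ssh_dir, keys):
        # With StrictModes (on by default) sshd refuses group/world-writable paths.
        if stat.S_IMODE(os.stat(path).st_mode) & 0o022:
            problems.append(path + " is group- or world-writable")
    with open(keys) as fh:
        if not any(l.strip() and not l.lstrip().startswith("#") for l in fh):
            problems.append(keys + " contains no keys")
    return problems

if __name__ == "__main__":
    print("password logins off:", password_logins_off(SAMPLE_CONFIG))
    print("key problems:", authorized_keys_problems(os.path.expanduser("~")))
```

Run it against the account you will log in with, and keep an existing session open while restarting sshd so a mistake does not lock you out.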