
Re: intrusion via ssh



On Thu, 2005-03-31 at 12:55 +0200, Frederic Guillet wrote:
> Hi,
> 
> I just checked my mail log on my server (that runs sarge with postfix)
> and got this kind of line:
> 
> MAR 30 20:01:33 servername sshd[17890] illegal user john from 24.15.134.130
> 
> I have about 500 attempts with different usernames and the same IP so I
> guess it is a robot which is trying to enter my system.
> 
> The problem with such a log is that it does not say if the user has succeeded
> in entering the machine or if the attempt has failed.
> 
> Any config advice or tutorials are welcome.

check /var/log/auth.log

perhaps you would consider using knockd (a port knocking daemon) to
tighten security.

also you should disallow root login via ssh. (/etc/ssh/sshd_config)

-matt zagrabelny
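
An added example, not part of the original message or of either poster's setup: one way to answer the "did any attempt succeed?" question from /var/log/auth.log is to count sshd `Failed` lines per source IP and flag any `Accepted` line from an IP that had already failed repeatedly. The sample lines are constructed, the addresses are documentation addresses, and the function name `review` and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the syslog style sshd writes to /var/log/auth.log.
SAMPLE_LOG = """\
Mar 30 20:01:33 servername sshd[17890]: Illegal user john from 192.0.2.10
Mar 30 20:01:35 servername sshd[17890]: Failed password for illegal user john from 192.0.2.10 port 40112 ssh2
Mar 30 20:01:38 servername sshd[17893]: Failed password for root from 192.0.2.10 port 40115 ssh2
Mar 30 20:01:41 servername sshd[17896]: Failed password for invalid user test from 192.0.2.10 port 40119 ssh2
Mar 30 20:01:44 servername sshd[17899]: Accepted password for backup from 192.0.2.10 port 40123 ssh2
Mar 30 21:10:02 servername sshd[18020]: Accepted publickey for fred from 198.51.100.7 port 51544 ssh2
Mar 30 21:15:00 servername CRON[18100]: (pam_unix) session opened for user root by (uid=0)
"""

# Syslog prefix; the colon after the PID is optional to tolerate retyped lines.
SSHD = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]:?\s+(?P<msg>.*)$")
# Older OpenSSH says "illegal user", newer releases say "invalid user".
FAILED = re.compile(r"^Failed \S+ for (?:(?:illegal|invalid) user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)")

def review(lines, threshold=3):
    """Return (failures per IP, all accepted logins, accepted logins that
    followed at least `threshold` failures from the same IP)."""
    failures, accepted, flagged = Counter(), [], []
    for line in lines:
        m = SSHD.match(line)
        if not m:
            continue  # not an sshd line (cron, postfix, ...)
        failed = FAILED.match(m["msg"])
        ok = ACCEPTED.match(m["msg"])
        if failed:
            # Only "Failed ..." lines are counted, so the separate
            # "Illegal user" notice does not double-count an attempt.
            failures[failed["ip"]] += 1
        elif ok:
            entry = (m["ts"], ok["user"], ok["ip"], ok["method"], failures[ok["ip"]])
            accepted.append(entry)
            if failures[ok["ip"]] >= threshold:
                flagged.append(entry)
    return failures, accepted, flagged

if __name__ == "__main__":
    failures, accepted, flagged = review(SAMPLE_LOG.splitlines())
    for ip, n in failures.most_common():
        print(f"{n:5d} failed attempts from {ip}")
    for ts, user, ip, method, prior in flagged:
        print(f"REVIEW: {ts} {user} accepted via {method} from {ip} after {prior} failures")
```

To run it against a real log, pass `open("/var/log/auth.log")` to `review` instead of the sample lines; an empty flagged list means no accepted login followed a burst of failures from the same address within that file.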


