[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Securing SSH: Does disabling password authentication work?



On Mon, 2005-10-03 at 10:47 -0700, Alvin Oga wrote:

> <sticking my bloody toe into a hungry shark filled pond>
> if so, sshd is still responding to incoming ssh connection on other ports
> </toe>

One of my servers has been getting vast "free security audits" too. My
sshd allows only key logins, but still logs the connection attempts as a
failed login. Sometimes a bad password, sometimes a bad user, sometimes
a bad key. But always a failure and always on port 22.

I wrote a little shell script for cron that scans the ssh log every
minute for these failures, and has ipchains block the IP (with a
whitelist). The size of the ssh log has decreased by about 90%.

FWIW, the script the kiddies are using seems to go away after 3 failed
logins.

-- 
Glenn English
ghe@slsware.com
GPG ID: D0D7FF20



Reply to: