Re: Securing SSH: Does disabling password authentication work?
On Mon, 2005-10-03 at 10:47 -0700, Alvin Oga wrote:
> <sticking my bloody toe into a hungry shark filled pond>
> if so, sshd is still responding to incoming ssh connection on other ports
One of my servers has been getting vast "free security audits" too. My
sshd allows only key logins, but still logs the connection attempts as a
failed login. Sometimes a bad password, sometimes a bad user, sometimes
a bad key. But always a failure and always on port 22.
I wrote a little shell script for cron that scans the ssh log every
minute for these failures, and has ipchains block the IP (with a
whitelist). The size of the ssh log has decreased by about 90%.
FWIW, the script the kiddies are using seems to go away after 3 failed
GPG ID: D0D7FF20