Re: POSSIBLE BREAK-IN in auth.log via ssh

To: debian-user@lists.debian.org
Subject: Re: POSSIBLE BREAK-IN in auth.log via ssh
From: Paul Tader <ptader@linuxscope.com>
Date: Wed, 18 Feb 2009 08:00:57 -0600
Message-id: <[🔎] 499C1499.5080607@linuxscope.com>
In-reply-to: <[🔎] 20090212062241.b925b4af.raquel@thericehouse.net>
References: <[🔎] 8f0417560902112157r25a05ec6taefd638b6f35018e@mail.gmail.com> <[🔎] 20090212084015.GA24026@samad.com.au> <[🔎] 20090212062241.b925b4af.raquel@thericehouse.net>

Raquel wrote:

On Thu, 12 Feb 2009 19:40:16 +1100
Alex Samad <alex@samad.com.au> wrote:

this is ssh complaining about incorrect password being supplied, I
presume you do not allow password authentication for root !

This is some script kiddie or mutant pc try brute attack against
your sshd server, try fail2ban


I used to blacklist all those in my firewall.  Then I installed
fail2ban.  I don't have to spend the time with the firewall and the
breakin attempts have dropped dramatically, to the point where I
seldom see one any more.

My advice is to install fail2ban.

For ssh dictionary attacks, another package you might consider isDenyHost. (http://denyhosts.sourceforge.net/)


--
ptader (at)
www.linuxscope.com

Reply to:

References:
- POSSIBLE BREAK-IN in auth.log via ssh
  - From: Norman Bird <steelpulsefan@gmail.com>
- Re: POSSIBLE BREAK-IN in auth.log via ssh
  - From: Alex Samad <alex@samad.com.au>
- Re: POSSIBLE BREAK-IN in auth.log via ssh
  - From: Raquel <raquel@thericehouse.net>

Prev by Date: USB Wireless Adapter for Linux?
Next by Date: Re: Will installing libc6-i686 on my i586 crunch my installation?
Previous by thread: Re: POSSIBLE BREAK-IN in auth.log via ssh
Next by thread: Re: POSSIBLE BREAK-IN in auth.log via ssh
Index(es):
- Date
- Thread