[olug] Eliminate risk for brute force root login attempts
Matthew D. McCain Platte
plattem at inetnebr.com
Wed Aug 2 14:56:40 UTC 2006
On Tue, 2006-08-01 at 17:51 -0500, Phil Brutsche wrote:
> Daniel Pfile wrote:
> > Try denyhosts:
> >
> > http://denyhosts.sourceforge.net/
> >
> > Also, remember to disable remote root logins in ssh.
> >
> > If you have a small number of users, set up AllowUsers for the users you
> > have.
> >
> > Even better, if it's an option, turn on mandatory key authentication.
>
> I find it's simpler just to change my SSH port number.
>
+1 for port number change.
I had a script that would scan the log every three minutes looking for
evidence of the brute force kids, copying that IP to deny.hosts. That
still let 'em in for up to three minutes, though. I could see the
lights on the switch flickering as they tried to get into my otherwise
quiet network.
That traffic went away when I changed the port number.
--
-------^.^--
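A sketch of the kind of periodic log scan the message above describes, as an added example that is not the poster's script. It assumes OpenSSH's usual "Failed password ... from IP port N ssh2" syslog lines and TCP wrappers rule syntax; the function names, threshold and sample log are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in OpenSSH's syslog format (not taken from the post).
# The 17:42:00 line has a user name that itself contains "from ... port".
SAMPLE_LOG = """\
Aug  1 17:40:01 gw sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug  1 17:40:03 gw sshd[2103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Aug  1 17:40:05 gw sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Aug  1 17:41:10 gw sshd[2110]: Failed password for alice from 192.0.2.10 port 51000 ssh2
Aug  1 17:41:30 gw sshd[2111]: Accepted publickey for alice from 192.0.2.10 port 51002 ssh2
Aug  1 17:42:00 gw sshd[2120]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.9 port 40200 ssh2
Aug  1 17:42:02 gw sshd[2121]: Failed password for root from 198.51.100.9 port 40201 ssh2
Aug  1 17:42:04 gw sshd[2122]: Failed password for root from 198.51.100.9 port 40202 ssh2
"""

# The user name is text chosen by the remote side, so anchor on the END of
# the line: the address sshd recorded is always the last "from X port N".
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")


def offenders(log_text, threshold=3, already_denied=(), never_deny=()):
    """Return sorted source IPs with at least `threshold` failed passwords."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:  # not an IP literal; ignore rather than guess
            continue
    skip = {ipaddress.ip_address(a) for a in (*already_denied, *never_deny)}
    return sorted(str(ip) for ip, n in counts.items() if n >= threshold and ip not in skip)


def hosts_deny_lines(ips):
    """Format addresses as TCP wrappers rules; IPv6 literals need brackets."""
    return [f"sshd: [{ip}]" if ":" in ip else f"sshd: {ip}" for ip in ips]


if __name__ == "__main__":
    # never_deny: hypothetical allowlist so an admin's own typo can't lock them out.
    for rule in hosts_deny_lines(offenders(SAMPLE_LOG, never_deny=["192.0.2.10"])):
        print(rule)
```

Run from cron, a scan like this still leaves the window between runs that the message mentions, since an address is only denied after the next pass over the log.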