Re: SSH Cracking Attempts

• Previous message: Arne Götje (q=AB=98=E7=9B=9B=E8=8F=AF?=): "Re: unicode input in X apps: how to?"
• In reply to: Jacob S: "SSH Cracking Attempts"
• Next in thread: Jacob S: "Re: SSH Cracking Attempts"
• Reply: Jacob S: "Re: SSH Cracking Attempts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Thu, 30 Sep 2004 02:13:02 -0400
To: debian-user@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Sep 29, 2004 at 02:09:58PM -0500, Jacob S wrote:
> Every other day or so now I'm seeing attempts in my servers logs where
> some remote machine starts trying to guess a username/password
> combination to ssh into the server. They try everything from 'test', to
> 'NOUSER', 'guest', 'root', etc., doing at least one login attempt per
> second, each time from a different source port.
>
> So, my question is this. Is there a way to tell ssh to refuse
> connections from an ip address after a certain number of failed login
> attempts, or is snort the only way to do something like this? So far
> I've been taking the manual approach, blocking the ip address with
> my firewall after I see it hitting the logs, but that can give them
> about an hour to play before I notice it (e-mailed to me by logcheck).
>
> Any suggestions?
>
> TIA,
> Jacob
Hi Jacob,
it happen to me a few months ago. someone suggested that I turn off
root login from remote hosts in sshd. Is that what you want?
- -Kev
- --

        (__)
        (oo)
  /------\/
 / | ||
* /\---/\
   ~~ ~~
...."Have you mooed today?"...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBW6PuAWAAuqdWA9cRAhcBAJ95kH8Y6JeisNF/5Gd0QIr4IOOKqgCeIvjY
CiLB4N0RxVVRpTSAnuhnw6M=
=hw7h
-----END PGP SIGNATURE-----

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

• Previous message: Arne Götje (q=AB=98=E7=9B=9B=E8=8F=AF?=): "Re: unicode input in X apps: how to?"
• In reply to: Jacob S: "SSH Cracking Attempts"
• Next in thread: Jacob S: "Re: SSH Cracking Attempts"
• Reply: Jacob S: "Re: SSH Cracking Attempts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages SSH Cracking Attempts ... Every other day or so now I'm seeing attempts in my servers logs where ... some remote machine starts trying to guess a username/password ... Is there a way to tell ssh to refuse ... connections from an ip address after a certain number of failed login ... (Debian-User) Re: SSH Cracking Attempts ... > From: Jacob S ... > Every other day or so now I'm seeing attempts in my servers logs where ... > combination to ssh into the server. ... > connections from an ip address after a certain number of failed login ... (Debian-User) Re: Remote Execution Through FTP ... > I need to send some file from my local machine to a remote machine ... > generation mechanism in SSH. ... then you can script this quite easily using public key's to authenticate. ... Make sure the permissions on the .ssh directory and all the files in it are ... (comp.unix.admin) Re: Is SSH worth it?? ... > We would be using SSH and SCP. ... SCP for automated scripts. ... > client will not be prompted for a password. ... remote machine, but imho it is better to swap client+server and give ... (Security-Basics) Re: getting ssh to work ... > I recently tried to ssh into my desktop from another machine, ... > The remote machine in question is running OpenSSH_3.6.1p2, ... try running ssh and/or sshd in debug mode. ... and then quit when the remote user logs ... (freebsd-questions)