Re: SSH hank attempts… bad?

Justin Findlay jfindlay at gmail.com
Tue Apr 11 21:07:22 MDT 2006


On 4/11/06, Wade Preston Shearer <lists at wadeshearer.com> wrote:
> My server can get up ~12,000 [1] failed log in attempts recorded in
> my server's logs in one day. How much of a concern should this be? I
> am aware of restricting shell access to certain IPs. Will that
> restrict the handshake or will I still see the attempts in my logs?
> Are there any ways to restrict the attempts?

What I've done: 1. Change ssh port to a random non privileged, non
used port.  2. Use good passwords.  3. Install DenyHosts and change
the default "protective" settings to "brutally unforgiving" as in
after 5 tries at a password on any account real or fantastic, that
host is denied all services for forever.

You might want to read a recent SLLUG thread on this.

http://www.sllug.org/pipermail/sllug-members/2006-March/007499.html


Justin



More information about the PLUG mailing list