SSH hank attempts… bad?

Mike Heath elcapo at gmail.com
Tue Apr 11 21:40:08 MDT 2006


Changing the port used by sshd is a good idea.  I would also recommend
disabling password authentication and only using public key
authentication.

-Mike

On Tue, 2006-04-11 at 20:55 -0600, Wade Preston Shearer wrote:
> My server can get up ~12,000 [1] failed log in attempts recorded in  
> my server's logs in one day. How much of a concern should this be? I  
> am aware of restricting shell access to certain IPs. Will that  
> restrict the handshake or will I still see the attempts in my logs?  
> Are there any ways to restrict the attempts?
> 
> 
> [1] Generally, ~3-20 on against standard system accounts (root, news,  
> squid, apache, etc), ~5,000 against unknown, and ~12,000 against  
> "unmated entries."
> 
> 
> Wade Preston Shearer
> 
> 
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */




More information about the PLUG mailing list