Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] attack via ssh? (don't panic :-P)
- Date: Sat, 14 May 2005 00:01:33 +0900
- From: Nikolay Elenkov <nick@example.com>
- Subject: Re: [tlug] attack via ssh? (don't panic :-P)
- References: <87is1nl9ta.fsf@example.com> <20050513234003.31cb0b09@example.com> <1115996036.30905.4.camel@example.com>
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041231
Stuart Luppescu wrote: > I'm really interested. I get these at least once a day. If I notice it > on root-tail, I add the originating IP address to my set of iptables > rules to block. I have had PasswordAuthentication set to no > in /etc/ssh/sshd_config, but it doesn't seem to have any effect. :-< At one point I got tired of adding addresses to the firewall script and just moved sshd to a non-standard port. Not a real solution, but helps. My 'secure' log is now clean :) You may also want to limit the users that can login via ssh by user/group. That cuts the connection before any authentication checks are made.
- Follow-Ups:
- Re: [tlug] attack via ssh? (don't panic :-P)
- From: Stuart Luppescu
- Re: [tlug] attack via ssh? (don't panic :-P)
- From: Michael Reinsch
- Re: [tlug] attack via ssh? (don't panic :-P)
- From: Stephen J. Turnbull
- Re: [tlug] attack via ssh? (don't panic :-P)
- References:
- [tlug] attack via ssh? (don't panic :-P)
- From: Stephen J. Turnbull
- Re: [tlug] attack via ssh? (don't panic :-P)
- From: Michael Reinsch
- Re: [tlug] attack via ssh? (don't panic :-P)
- From: Stuart Luppescu
- [tlug] attack via ssh? (don't panic :-P)
- Prev by Date: Re: [tlug] attack via ssh? (don't panic :-P)
- Next by Date: Re: [tlug] attack via ssh? (don't panic :-P)
- Previous by thread: Re: [tlug] attack via ssh? (don't panic :-P)
- Next by thread: Re: [tlug] attack via ssh? (don't panic :-P)
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |