Lew Bloch wrote: > One thing the original poster seems to have discovered: > > >Jul 17 14:42:27 localhost sshd[6748]: > >Illegal user guest from 130.120.81.14 > >Jul 17 14:42:30 localhost sshd[6748]: > >Failed password for illegal user guest > >from 130.120.81.14 port 48753 ssh2 > > is that Linux security is fairly strong against such attacks, provided > of course you don't have a hackable "test" or "guest" username. I've had similar lines in "my" AIX server at work. There, the attacks got caught first by the AllowGroups line in the sshd_config file. (I have a ssh-user group containing only those users who need to log in.) Notably, even "root" got caught by the AllowGroups setting, even though I have PermitRootLogin no If you want an extra level of security (so you don't have to worry about weak passwords if you do have a test account), you might want to look into the AllowGroups setting. For various obscure reasons (not security), my Fedora sshd runs on a non-standard port. Relying on "security through obscurity" is not a good idea (someone will discover the obscurity), but it does cut down the number of opportunistic cracking attempts! James. -- E-mail address: james@ | I learnt the rules of rugby. There is only one rule. westexe.demon.co.uk | "Skip it by any means necessary".
