On Mon, 2005-10-24 at 09:49 +0000, Stephanus Fengler wrote:
> Dear list readers,
>
> I know that this is not a security list but it seems a good starting
> point for me as an ordinary user to ask whether someone can point me in
> the right direction.
>
> I recently checked my log files of my ssh service (so far as I
> understand this is my only service open) and realized that from the very
> same IP I got a lot of requests trying to guess a user name on my system,
> I assume. Since login name always changes in even chronological
> alphabetical order.
>
> So shall I worry about it or do I need to do some countermeasures?

1) Make sure root login via ssh is disabled

It's not by default. In /etc/sshd_config there will be a line that reads

PermitRootLogin yes

Change the yes to no and then restart the sshd daemon.

2) Turn it off altogether if you don't need it

3) Make sure all of your passwords are sane.

-=-

These random attacks are pretty common - they sniff networks for open ssh ports, and when they find one - they try root with a bunch of passwords, and then common user names with a bunch of passwords.

It's not really something to worry about - if you have root login disabled, any attempts to ssh in as root will fail - and they only get in if they happen to guess a user name AND a password. That's not likely to happen if you have good passwords on your system (i.e. a meaningless combination of letters, numbers, and other characters at least 10 characters long)

-=-

If you only ssh in from specific hosts, you can limit ssh access to those hosts only - or you can use a pass key - where the connection is not done with passwords at all, but done with a pass phrase only - which requires a key on the connecting machine that has been signed by your private key.
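
One way to pick the pattern described in the question (a single source address working through many user names) out of sshd log output. This is an added example, not part of the original thread: the log lines are constructed samples in OpenSSH's syslog format, and the function names and the `min_users` threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IP ranges, made-up user names).
SAMPLE_LOG = """\
Oct 24 03:11:00 host sshd[2100]: Failed password for root from 203.0.113.7 port 40110 ssh2
Oct 24 03:11:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 40111 ssh2
Oct 24 03:11:04 host sshd[2102]: Failed password for invalid user aaron from 203.0.113.7 port 40112 ssh2
Oct 24 03:11:06 host sshd[2103]: Failed password for invalid user adam from 203.0.113.7 port 40113 ssh2
Oct 24 03:11:08 host sshd[2104]: Failed password for invalid user alice from 203.0.113.7 port 40114 ssh2
Oct 24 03:11:10 host sshd[2105]: Failed password for invalid user bob from 203.0.113.7 port 40115 ssh2
Oct 24 08:30:12 host sshd[2300]: Failed password for steph from 198.51.100.20 port 51000 ssh2
Oct 24 08:30:20 host sshd[2300]: Accepted password for steph from 198.51.100.20 port 51000 ssh2
"""

# Matches failures for both existing accounts and "invalid user" names.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def failed_logins_by_source(log_text):
    """Map source IP -> distinct user names tried, in order of first appearance."""
    tried = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            if user not in tried[ip]:
                tried[ip].append(user)
    return dict(tried)

def guessing_sources(log_text, min_users=4):
    """Report sources that failed logins for at least min_users distinct names."""
    report = {}
    for ip, users in failed_logins_by_source(log_text).items():
        if len(users) < min_users:
            continue  # e.g. a legitimate user mistyping a password once
        names = [u for u in users if u != "root"]
        report[ip] = {
            "users": users,
            "tried_root": "root" in users,
            # The question mentions names arriving in alphabetical order.
            "alphabetical": names == sorted(names),
        }
    return report

if __name__ == "__main__":
    for ip, info in guessing_sources(SAMPLE_LOG).items():
        print(ip, info)
```

To run it against a real log, pass the file's contents to `guessing_sources()`; which file sshd logs to depends on the system's syslog configuration.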