On 12/15/05, Dotan Cohen <dotancohen@xxxxxxxxx> wrote:
>
> I know that this won't save the system from a determined hacker, but
> thankfully I haven't been attacked by one yet. I do get a nice long
> daily log report though:
>
> And I am constantly being tried on sshd:
> Authentication Failures:
> unknown (63.211.110.142): 853 Time(s)
> root (63.211.110.142): 129 Time(s)
[ . . . snipped . . . ]
> operator (63.211.110.142): 1 Time(s)
> rpm (202.129.48.100): 1 Time(s)
> rpm (63.211.110.142): 1 Time(s)
> sshd (202.129.48.100): 1 Time(s)
> Invalid Users:
> Unknown Account: 959 Time(s)

You may look into using the AllowUsers directive in
/etc/sshd/sshd_config. While it won't prevent people from probing your
system, it does provide an additional level of protection against a
guessed password.

If you do set up AllowUsers, your log will end up looking something
like this instead:

**Unmatched Entries**
User bin from 61.66.132.60 not allowed because not listed in AllowUsers
User adm from 61.66.132.60 not allowed because not listed in AllowUsers
User lp from 61.66.132.60 not allowed because not listed in AllowUsers
User lp from 61.66.132.60 not allowed because not listed in AllowUsers
User daemon from 61.66.132.60 not allowed because not listed in AllowUsers
User ftp from 61.66.132.60 not allowed because not listed in AllowUsers
User games from 61.66.132.60 not allowed because not listed in AllowUsers
User gopher from 61.66.132.60 not allowed because not listed in AllowUsers
User halt from 61.66.132.60 not allowed because not listed in AllowUsers
User lp from 61.66.132.60 not allowed because not listed in AllowUsers
User mail from 61.66.132.60 not allowed because not listed in AllowUsers

I suppose this is only helpful if you have accounts that have assigned
passwords that you do not want logged into via ssh remotely.

--
Chris

"I trust the Democrats to take away my money, which I can afford. I
trust the Republicans to take away my freedom, which I cannot."
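Added example, not part of the original message: a small Python summarizer that reads both log shapes quoted above (the per-user "Authentication Failures" counts and the "not listed in AllowUsers" rejections) and totals them per source address. The sample lines use constructed documentation-range addresses, and the function names `summarize` and `noisy_sources` are hypothetical.

```python
import re
from collections import Counter, defaultdict

# "root (192.0.2.10): 129 Time(s)" -- summary line with a per-user failure count
FAILURE = re.compile(r"^\s*(?P<user>\S+) \((?P<ip>[0-9A-Fa-f.:]+)\): (?P<n>\d+) Time\(s\)\s*$")
# "User lp from 203.0.113.5 not allowed because not listed in AllowUsers"
DENIED = re.compile(
    r"^\s*User (?P<user>\S+) from (?P<ip>\S+) not allowed because not listed in AllowUsers\s*$"
)

# Constructed sample input modelled on the two log shapes in the message above.
SAMPLE = """\
unknown (192.0.2.10): 853 Time(s)
root (192.0.2.10): 129 Time(s)
rpm (198.51.100.7): 1 Time(s)
Unknown Account: 959 Time(s)
User bin from 203.0.113.5 not allowed because not listed in AllowUsers
User lp from 203.0.113.5 not allowed because not listed in AllowUsers
User lp from 203.0.113.5 not allowed because not listed in AllowUsers
"""

def summarize(text):
    """Return {ip: {"failures": Counter, "denied": Counter}} keyed by source address."""
    by_ip = defaultdict(lambda: {"failures": Counter(), "denied": Counter()})
    for line in text.splitlines():
        m = FAILURE.match(line)
        if m:
            by_ip[m["ip"]]["failures"][m["user"]] += int(m["n"])
            continue
        m = DENIED.match(line)
        if m:
            by_ip[m["ip"]]["denied"][m["user"]] += 1
        # Lines without a source address (e.g. "Unknown Account: ...") are skipped.
    return dict(by_ip)

def noisy_sources(summary, threshold):
    """Return (ip, total attempts) pairs at or above threshold, busiest first."""
    totals = {
        ip: sum(c["failures"].values()) + sum(c["denied"].values())
        for ip, c in summary.items()
    }
    hits = [(ip, n) for ip, n in totals.items() if n >= threshold]
    return sorted(hits, key=lambda t: (-t[1], t[0]))

if __name__ == "__main__":
    for ip, total in noisy_sources(summarize(SAMPLE), threshold=3):
        print(f"{ip}: {total} rejected or failed attempts")
```
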