ssh attack

Discussion topics, Linux related - not requests for help

Moderators: ChrisThornett, LXF moderators

ssh attack

Postby RD » Mon Sep 19, 2005 12:28 pm

Hi

today i looked at my system logs (main auth.log) and found that there has been 6 ssh attempts on my computer :shock: none of which have got in :D

it would seem from the auth.log that they are using a dictionary mounted attack (god help them if there using John as that is use less still has not broken my password since LXF 71 was released). So im posting just to say check you auth.log see if there are any ssh connections to your box i dont know if these attacks are from a company/script kiddie or other
RD
LXF regular
 
Posts: 272
Joined: Mon Jul 25, 2005 2:53 am
Location: irc.ixl2.net

RE: ssh attack

Postby nelz » Mon Sep 19, 2005 3:14 pm

It happens all the time. the safest approach is to disable password logins to SSH, limiting it to key authorisations only.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
User avatar
nelz
Site admin
 
Posts: 8577
Joined: Mon Apr 04, 2005 11:52 am
Location: Warrington, UK

RE: ssh attack

Postby RD » Mon Sep 19, 2005 3:58 pm

i have :), thanks any way just thought i would let ever one know maybe they can see if there system has been attacked like mine
RD
LXF regular
 
Posts: 272
Joined: Mon Jul 25, 2005 2:53 am
Location: irc.ixl2.net

RE: ssh attack

Postby nordle » Mon Sep 19, 2005 8:43 pm

I don't know realistically how much extra security it gives, but you can change:

1. Only allow ssh version 2 connections
2. Change the AllowUsers section to only include an internal IP range
3. Change the default port number from 22

As well as the key access, I have no idea if these are any good or not, just some notes I've got.
I think, therefore I compile
User avatar
nordle
LXF regular
 
Posts: 1500
Joined: Fri Apr 08, 2005 9:56 pm

RE: ssh attack

Postby RD » Mon Sep 19, 2005 10:57 pm

Thanks nordle but if i was that worried id simply stop the port on my router and stop sshd untill needed :)
RD
LXF regular
 
Posts: 272
Joined: Mon Jul 25, 2005 2:53 am
Location: irc.ixl2.net


Return to Discussion

Who is online

Users browsing this forum: No registered users and 0 guests

cron