On 12/25/05, Gerald gwichman@gmail.com wrote:
It looks like i'm getting a dictionary attack on my system. I moved ssh to another port instead of 22 in hopes that would put a halt to it but it did not. Any recommendations to improve security here? I notice these attacks come from a variety of IP's so pursuing one individual is probably not worthwhile.
[root@corona ~]# tail /var/log/secure Dec 25 17:51:09 corona sshd[24704]: Failed password for invalid user turid from ::ffff:203.115.124.116 port 38370 ssh2 Dec 25 17:51:12 corona sshd[24707]: Invalid user turnage from ::ffff:203.115.124.116 Dec 25 17:51:14 corona sshd[24707]: Failed password for invalid user turnage from ::ffff:203.115.124.116 port 38886 ssh2 Dec 25 17:51:18 corona sshd[24710]: Invalid user turnbough from ::ffff:203.115.124.116 Dec 25 17:51:20 corona sshd[24710]: Failed password for invalid user turnbough from ::ffff:203.115.124.116 port 39397 ssh2 Dec 25 17:51:22 corona sshd[24713]: Invalid user turner from ::ffff:203.115.124.116 Dec 25 17:51:25 corona sshd[24713]: Failed password for invalid user turner from ::ffff:203.115.124.116 port 40228 ssh2 Dec 25 17:51:27 corona sshd[24716]: Invalid user tursun from ::ffff:203.115.124.116 Dec 25 17:51:30 corona sshd[24716]: Failed password for invalid user tursun from ::ffff:203.115.124.116 port 40714 ssh2 Dec 25 21:20:46 corona sshd[24897]: Accepted password for root from ::ffff:10.1.1.17 port 4500 ssh2 [root@corona ~]#
-- -Gerald
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Gerald,
You might want to look into changing your sshd so it accepts keyed access only. Just learning ssh myself so I'm sketchy on details.
John Purser