ssh security

Gerald gwichman at
Mon Dec 26 05:24:01 UTC 2005

It looks like i'm getting a dictionary attack on my system. I moved
ssh to another port instead of 22 in hopes that would put a halt to it
but it did not. Any recommendations to improve security here? I notice
these attacks come from a variety of IP's so pursuing one individual
is probably not worthwhile.

[root at corona ~]# tail /var/log/secure
Dec 25 17:51:09 corona sshd[24704]: Failed password for invalid user
turid from ::ffff: port 38370 ssh2
Dec 25 17:51:12 corona sshd[24707]: Invalid user turnage from
Dec 25 17:51:14 corona sshd[24707]: Failed password for invalid user
turnage from ::ffff: port 38886 ssh2
Dec 25 17:51:18 corona sshd[24710]: Invalid user turnbough from
Dec 25 17:51:20 corona sshd[24710]: Failed password for invalid user
turnbough from ::ffff: port 39397 ssh2
Dec 25 17:51:22 corona sshd[24713]: Invalid user turner from
Dec 25 17:51:25 corona sshd[24713]: Failed password for invalid user
turner from ::ffff: port 40228 ssh2
Dec 25 17:51:27 corona sshd[24716]: Invalid user tursun from
Dec 25 17:51:30 corona sshd[24716]: Failed password for invalid user
tursun from ::ffff: port 40714 ssh2
Dec 25 21:20:46 corona sshd[24897]: Accepted password for root from
::ffff: port 4500 ssh2
[root at corona ~]#


More information about the users mailing list