ssh security
John Purser
jmpurser at gmail.com
Mon Dec 26 05:41:50 UTC 2005
On 12/25/05, Gerald <gwichman at gmail.com> wrote:
> It looks like i'm getting a dictionary attack on my system. I moved
> ssh to another port instead of 22 in hopes that would put a halt to it
> but it did not. Any recommendations to improve security here? I notice
> these attacks come from a variety of IP's so pursuing one individual
> is probably not worthwhile.
>
> [root at corona ~]# tail /var/log/secure
> Dec 25 17:51:09 corona sshd[24704]: Failed password for invalid user
> turid from ::ffff:203.115.124.116 port 38370 ssh2
> Dec 25 17:51:12 corona sshd[24707]: Invalid user turnage from
> ::ffff:203.115.124.116
> Dec 25 17:51:14 corona sshd[24707]: Failed password for invalid user
> turnage from ::ffff:203.115.124.116 port 38886 ssh2
> Dec 25 17:51:18 corona sshd[24710]: Invalid user turnbough from
> ::ffff:203.115.124.116
> Dec 25 17:51:20 corona sshd[24710]: Failed password for invalid user
> turnbough from ::ffff:203.115.124.116 port 39397 ssh2
> Dec 25 17:51:22 corona sshd[24713]: Invalid user turner from
> ::ffff:203.115.124.116
> Dec 25 17:51:25 corona sshd[24713]: Failed password for invalid user
> turner from ::ffff:203.115.124.116 port 40228 ssh2
> Dec 25 17:51:27 corona sshd[24716]: Invalid user tursun from
> ::ffff:203.115.124.116
> Dec 25 17:51:30 corona sshd[24716]: Failed password for invalid user
> tursun from ::ffff:203.115.124.116 port 40714 ssh2
> Dec 25 21:20:46 corona sshd[24897]: Accepted password for root from
> ::ffff:10.1.1.17 port 4500 ssh2
> [root at corona ~]#
>
>
> --
> -Gerald
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
Gerald,
You might want to look into changing your sshd so it accepts keyed
access only. Just learning ssh myself so I'm sketchy on details.
John Purser
More information about the users
mailing list