[CentOS] sshd: Authentication Failures: 137 Time(s)

Tue Apr 5 12:22:44 UTC 2011
Marian Marinov <mm at yuhu.biz>

On Tuesday 05 April 2011 11:27:49 Rudi Ahlers wrote:
> On Tue, Apr 5, 2011 at 10:17 AM, John Hodrien <J.H.Hodrien at leeds.ac.uk> 
wrote:
> > On Tue, 5 Apr 2011, rrichard at blythe.org wrote:
> >> 1) Move sshd to another
> >> port, one higher than 5000
> > 
> > I'd have mixed feelings about the Wisdom of running on a non-reserved
> > port.
> 
> Why,
> 
> We've been running SSH on hundreds of servers on a port higher than
> 5000 for year now and no problems at all.

I'm also running ssh on non standard port for more then 7 years and this is on 
a couple of thousend servers. Its not a problem if you simply add 'Port XXX' 
to your ~/.ssh/config . 

However, the traffic to ssh has reduced with only 40%. In the begining it was 
very good, we were surprised, how almost all failed attempts dissapeared. But 
in the following months that number increased and reached 60-65% of the 
original number. 

Introducing a Hawk helped us a lot. Tools like Hawk and fail2ban are quite 
useful, actually only thinks like that have good impact on the bruteforce 
attempts.


Regards,
Marian Marinov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.centos.org/pipermail/centos/attachments/20110405/ec71f82e/attachment-0005.sig>