Tony Placilla bofh@jhu.edu Sr. UNIX Systems Administrator The Sheridan Libraries Johns Hopkins University
On Tue, Mar 25, 2008 at 12:48 PM, in message 47E92CD1.3060804@msiscales.com,
Tim Alberts talberts@msiscales.com wrote:
So I set up ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system.
What's a good way to deal with this?
I am subject to this on an all too frequent basis. Here's what we've put in place that seems to work.
DenyHosts. It's available through the rpmforge (or Dag's) repo. Just be sure you edit the config to allow SYNC_DOWNLOAD & create an appropriate allowed.hosts file based upon your needs.
sshd in protocol 2
privilege separation
no root logins
and a nifty little PAM trick is to create a group called ssh_users and those that should be able to access the server are put into that as their supplementary group. Edit sshd_config & add AllowGroups ssh_users
it's part & parcel of the whole "layered security" idea
it's cut the noise in my logs down by 99.9%
plus I sleep better :)
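
The sshd_config settings listed in the reply above can be checked mechanically. The shell script below is an added example, not part of the original post; the function names, the constructed sample configuration and the rule that every setting must be stated explicitly are assumptions of the example.

```sh
# Added example: audit an sshd_config for the settings named in the post.
# Keywords are case-insensitive, values are not; the first value read for a
# keyword wins, except AllowGroups, whose repeated lines append to one list.
# Assumptions: "Keyword value" syntax, global section only (before any Match).

# sshd_values FILE KEYWORD -> one output line per occurrence of KEYWORD
sshd_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }     # comments and blank lines
        tolower($1) == "match" { exit }    # end of the global section
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# expect FILE KEYWORD WANTED -> PASS/FAIL line, status 1 on FAIL
expect() {
    got=$(sshd_values "$1" "$2" | head -n 1)
    [ "$got" = "$3" ] && { echo "PASS $2 $3"; return 0; }
    echo "FAIL $2 is '${got:-unset}', want '$3'"; return 1
}

# expect_group FILE GROUP -> PASS only if GROUP is named in AllowGroups
expect_group() {
    list=" $(sshd_values "$1" AllowGroups | tr '\n' ' ') "
    case $list in *" $2 "*) echo "PASS AllowGroups lists $2"; return 0 ;; esac
    echo "FAIL AllowGroups does not list $2"; return 1
}

# audit_sshd FILE [GROUP] -> prints every check, returns the number of FAILs
audit_sshd() {
    fails=0
    expect "$1" Protocol 2                 || fails=$((fails + 1))
    expect "$1" UsePrivilegeSeparation yes || fails=$((fails + 1))
    expect "$1" PermitRootLogin no         || fails=$((fails + 1))
    expect_group "$1" "${2:-ssh_users}"    || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample: commented-out line, lower-case keyword, late duplicate.
sample_config() {
    printf '%s\n' '# PermitRootLogin no' 'protocol 2' \
        'UsePrivilegeSeparation yes' 'PermitRootLogin yes' \
        'AllowGroups wheel' 'allowgroups ssh_users' 'PermitRootLogin no'
}

# No argument: audit the constructed sample (PermitRootLogin FAILs).
if [ -n "${1:-}" ]; then audit_sshd "$@"; else
    tmp=$(mktemp); sample_config > "$tmp"; audit_sshd "$tmp" || :; rm -f "$tmp"
fi
```

Recent OpenSSH releases have removed protocol 1 and deprecated the Protocol and UsePrivilegeSeparation keywords, so on those systems drop the first two checks.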