Using denyhosts is sufficient for me. After several password attempts, it simply disables the IP address. I now have 133 denied IPs in /etc/hosts.deny. Of course, you have to make sure that you don't use simple passwords.
Thanks Will. One thing I have always done with SSH is run it on a non-default port. It's funny, I left it on 22 once and watched the log reports every morning in my email for a few days and the amount of people trying to log in as the root user was amazing... the report was 40-50 lines longer than normal just from all the attempts... I then chose a port over 10000 as they say most port scanners usually scan port 1-10000. Once I did that I have not seen one attempt to try and access root through SSH or any user for that matter. Good tip though... =)
And yeah I always have a test machine for breaking stuff on... I think that's how I have learnt most of what I know about Linux is breaking it and re-installing it many many times ;)
Thanks for the info, very much appreciated... Gonna check out eBay for that book and check out those links so I have some reading to do.. thanks again!
James

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
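
The blocking behaviour described in the first message of this thread (several failed password attempts, then an `sshd:` entry in /etc/hosts.deny), sketched as an added example; it is not part of the thread and not DenyHosts' own code. The threshold of 3, the allowlist parameter and the log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Matches OpenSSH password-failure lines, including the "invalid user" form.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:03 host sshd[2103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Jan 10 03:12:05 host sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40119 ssh2
Jan 10 03:12:09 host sshd[2109]: Failed password for invalid user test from 198.51.100.23 port 51200 ssh2
Jan 10 08:30:44 host sshd[2300]: Failed password for alice from 192.0.2.10 port 60001 ssh2
Jan 10 08:30:50 host sshd[2300]: Accepted password for alice from 192.0.2.10 port 60001 ssh2
Jan 10 09:00:00 host sshd[2400]: Failed password for root from 192.0.2.10 port 60010 ssh2
Jan 10 09:00:02 host sshd[2400]: Failed password for root from 192.0.2.10 port 60010 ssh2
"""

def failed_attempts(log_text):
    """Count password failures per source IP; successful logins are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts

def deny_entries(log_text, threshold=3, allowlist=(), already_denied=()):
    """Return new hosts.deny lines for IPs at or above the (assumed) threshold."""
    skip = set(allowlist) | set(already_denied)
    counts = failed_attempts(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in skip]

if __name__ == "__main__":
    # 192.0.2.10 stands in for the admin's own address: without the allowlist,
    # a few mistyped passwords would lock the legitimate user out as well.
    for entry in deny_entries(SAMPLE_LOG, allowlist={"192.0.2.10"}):
        print(entry)
```

Without the allowlist, the legitimate user at 192.0.2.10 reaches the threshold too, which is the main operational risk of threshold-based blocking.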