Today I saw something strange in the logs of one of my servers. Part of the /var/log/security:
[ ... ]
"abcdefgh" is my username on a different machine in the other domain; x.x.x.x is my workstation. Yesterday, I logged into the machine where my login is "abcdefgh" from x.x.x.x. But not to the "server".
Does anybody have an idea?
looks like a dictionary attack to me; i get these all the time, sometimes with sufficient intensity that they crash my gateway router (boo!). these have been discussed recently on-list:
- consider running sshd on a nonstandard port to dodge the bulk of this
SSH on "server" is moved from port 22.
- consider using port knocking (i think i remember apf being one suggested package)
- make sure you haven't enabled ssh login for any of the generic account names they use, and make sure your passwords are strong
As I remember, I tried to log in to the server where my username is "abcdefgh" using Konqueror and the sftp protocol and I couldn't. Today it works.
Regards.
--
_________________________________________________________________
D o m i n i k   S k ł a d a n o w s k i