On Mon, Jul 21, 2008 at 4:08 PM, Lanny Marcus lmmailinglists@gmail.com wrote:
On Mon, Jul 21, 2008 at 3:43 PM, Bo Lynch blynch@ameliaschools.com wrote:
just wanted to get some feedback from the community. Over the last few days I have noticed my web server and email box have attempted to ssh'd to using weird names like admin,appuser,nobody,etc.... None of these are valid users. I know that I can block sshd all together with iptables but that will not work for us. I did a little research on google and found programs like sshguard and sshdfilter. Just wanted to know if anyone had any experience with anything like these programs or have any other advice. I really appreciate it.
Possibly begin by not allowing root access. Don't use passwords, use keys.
http://wiki.centos.org/TipsAndTricks/SshTips/SshKeyAuthentication
The above link is mostly dead. The data isn't there yet.
http://wiki.centos.org/TipsAndTricks/BecomingRoot
if you can sudo into your servers, that might help.
Also, use a different port. Many ways to skin a cat.