[CentOS] I appear to be attacking others

Tue Feb 7 08:52:56 UTC 2006
Benjamin Smith <lists at benjamindsmith.com>

On Monday 06 February 2006 17:46, James Gagnon wrote:
> Thanks Will.  One thing I have always done with SSH is run it on a 
> non-default port.  It's funny I left it on 22 once and watched the log 
> reports every morning in my email for a few days and the amount of people 
> trying to login as the root user was amazing... the report was 40-50 lines 
> longer than normal just from all the attempts... I then chose a port over 
> 10000 as they say most port scanners usually scan port 1-10000.  Once I did 
> that I have not seen one attempt to try and access root through SSH or any 
> user for that matter.  Good tip though... =)

Not only do I use a *high* port, but I also restrict acceptable connections to 
just a few IP addresses, with one machine having *ONLY* an ssh port globally 
open, accepting only keys, no passwords, on a high port as a "gateway" for 
when I need to get in from someplace other than the small list of approved 

I've had ZERO problems with this. But, when SSH was on 22, and open to the 
world, I saw something like 30,000 attempts on the root account in a single 
24 hour period. Holy fscking sh--!  (Not that it did any good, you couldn't 
log in as root without an RSA key)

"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978
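
Added example, not part of the original post: a short Python script that tallies failed sshd logins per account and per source address, the kind of count behind the daily log reports mentioned in the thread. The log lines are constructed samples in OpenSSH's syslog format; the host name, user names and addresses are placeholders.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog format (not from the post).
SAMPLE_LOG = """\
Feb  6 03:12:41 gw sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Feb  6 03:12:44 gw sshd[2103]: Failed password for root from 192.0.2.10 port 40120 ssh2
Feb  6 03:12:47 gw sshd[2105]: Failed password for invalid user admin from 192.0.2.10 port 40131 ssh2
Feb  6 04:01:09 gw sshd[2210]: Failed password for root from 198.51.100.7 port 51514 ssh2
Feb  6 08:30:02 gw sshd[2377]: Accepted publickey for ben from 203.0.113.5 port 50022 ssh2
Feb  6 09:15:30 gw sshd[2401]: Failed password for illegal user test from 198.51.100.7 port 51600 ssh2
"""

# Matches "Failed <method> for [invalid|illegal user] <user> from <ip> port <n>".
# Older OpenSSH releases log "illegal user", newer ones "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for "
    r"(?:(?:invalid|illegal) user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def failed_logins(log_text):
    """Yield (user, source_ip) for every failed sshd authentication line."""
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            yield m.group("user"), m.group("ip")


def summarize(log_text):
    """Return (failed_root_attempts, attempts_per_ip, attempts_per_user)."""
    per_ip, per_user = Counter(), Counter()
    for user, ip in failed_logins(log_text):
        per_ip[ip] += 1
        per_user[user] += 1
    return per_user["root"], per_ip, per_user


if __name__ == "__main__":
    root_attempts, per_ip, per_user = summarize(SAMPLE_LOG)
    print(f"failed root logins: {root_attempts}")
    for ip, count in per_ip.most_common():
        print(f"{count:6d}  {ip}")
```

To run it against a real log, pass the file's contents to `summarize()`; the path of the sshd log depends on the system's syslog configuration.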