Peopled hav had lots of suggestions... pretty much everything has been suggested except for my approach: 1) don't use 1234 or test for password 2) ignore the suckers /Peter On Monday 13 February 2006 23:58, John Merritt wrote: > Hi, > > I get ssh connect attempts all the time, to my servers at home and at > work. I've noticed lately they come from a certain ip address, hitting > every 3 or 4 seconds, trying 50 or 100 different user names and > passwords. And I get these sweeps from 2 or 3 ip addresses a day. I > guess this is an automated attempt to guess a user/pass and break into a > system. > > I tried to secure ssh better by putting in an AllowUsers line in > sshd_config. Then I thought tcp wrappers and just putting in my own > addresses in /etc/hosts.allow would be even better, until I found out > that all mail to my email server would be rejected. > > I have 2 questions. One, is there anything you can do to stop these > attempts, other than not running ssh? > > And two, do those ssh attempts every 3 or 4 seconds slow down a box, or > put any strain on it? > > John -- ------------------------------------------------------------ Peter Kjellström | National Supercomputer Centre | Sweden | http://www.nsc.liu.se -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20060214/a54cc143/attachment-0005.sig>