On Tue, 22 Jul 2008 16:34:54 +0200
Rudi Ahlers <Rudi at SoftDux.com> wrote:

> Bowie Bailey wrote:
> > Bo Lynch wrote:
> >
> >> just wanted to get some feedback from the community. Over the last
> >> few days I have noticed my web server and email box have attempted
> >> to ssh'd to using weird names like admin,appuser,nobody,etc....
> >> None of these are valid users. I know that I can block sshd all
> >> together with iptables but that will not work for us. I did a
> >> little research on google and found programs like sshguard and
> >> sshdfilter. Just wanted to know if anyone had any experience with
> >> anything like these programs or have any other advice. I really
> >> appreciate it.
> >
> > The simplest thing is to change the port. I know it's "security
> > through obscurity", but it works well and can be used along with
> > whatever other security enhancements you care to use.
> >
>
> By changing the ports on all our servers to a high (above 1024) port,
> we have eliminated SSH scans altogether - been running like that for
> a few years now without any problems.
>
> I also add a small script in /etc/profile to email me when someone
> logs in via SSH, since only a few privileged ppl should use SSH
> altogether
>

Interesting idea with this script thing. Can you provide more details
or the script?
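
A sketch of the kind of /etc/profile login notification mentioned in the quoted message, as an added example that is not part of the thread and not the poster's script. It assumes a working local `mail` command; the recipient variable `SSH_ALERT_TO` and the function names are hypothetical.

```sh
# Added example for /etc/profile (or a file under /etc/profile.d/).
# Assumptions: local `mail` command works; recipient below is a placeholder.
SSH_ALERT_TO="${SSH_ALERT_TO:-root@localhost}"

# Print the notification body, or fail if this is not an SSH session.
# sshd sets SSH_CONNECTION="client_ip client_port server_ip server_port".
# The body runs in a subshell ( ... ) so nothing leaks into the user's shell.
ssh_login_notice() (
    set -f                        # no filename globbing while splitting
    set -- ${SSH_CONNECTION:-}    # $1..$4 = the four fields above
    [ "$#" -eq 4 ] || exit 1      # unset or malformed: no notice
    printf 'User: %s\n' "$(id -un)"
    printf 'From: %s port %s\n' "$1" "$2"
    printf 'To:   %s port %s\n' "$3" "$4"
    printf 'TTY:  %s\n' "${SSH_TTY:-none}"
    printf 'Time: %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
)

# Mail the notice. Every failure path is silent so a missing or slow
# mailer can never block or clutter a login.
ssh_login_alert() (
    body=$(ssh_login_notice) || exit 0           # local login: stay quiet
    command -v mail >/dev/null 2>&1 || exit 0    # no mailer installed
    subject="SSH login: $(id -un)@$(hostname)"
    # Background the send and discard output; the subshell keeps job
    # control messages away from the user's terminal.
    printf '%s\n' "$body" | mail -s "$subject" "$SSH_ALERT_TO" >/dev/null 2>&1 &
)

ssh_login_alert
```

/etc/profile is read only by login shells, so `ssh host command`, scp and sftp sessions do not trigger this notice, and a user can edit their own startup behaviour after logging in. Treat it as a convenience alert alongside sshd's own authentication log, not as the audit record.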