Tony Placilla <bofh at jhu.edu>
Sr. UNIX Systems Administrator
The Sheridan Libraries
Johns Hopkins University

>>> On Tue, Mar 25, 2008 at 12:48 PM, in message <47E92CD1.3060804 at msiscales.com>, Tim Alberts <talberts at msiscales.com> wrote:
> So I set up ssh on a server so I could do some work from home and I think
> the second I opened it every sorry monkey from around the world has been
> trying every account name imaginable to get into the system.
>
> What's a good way to deal with this?
>

I am subject to this on an all too frequent basis. Here's what we've put in place that seems to work.

DenyHosts. It's available through the rpmforge (or Dag's) repo. Just be sure you edit the config to allow SYNC_DOWNLOAD & create an appropriate allowed.hosts file based upon your needs.

sshd in protocol 2
privilege separation
no root logins

And a nifty little PAM trick is to create a group called ssh_users & those that should be able to access the server are put into that as their supplementary group. Edit sshd_config & add

AllowGroups ssh_users

It's part & parcel of the whole "layered security" idea.

It's cut the noise in my logs down by 99.9%, plus I sleep better :)
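
An audit of the sshd_config settings listed in the message above, as an added example that is not part of the original post. The function names and the sample config are constructed for illustration, and the script assumes each setting is written explicitly in the global section of the file.

```shell
#!/bin/sh
# Added example (not from the original message): audit the global section of an
# sshd_config for the four settings the reply lists.

# Print every value given for keyword $2 in file $1, one per line.
# Keywords are case-insensitive; parsing stops at the first Match block.
# Assumption: "keyword value" syntax (the optional "keyword=value" form is not handled).
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/              { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# sshd keeps the first value it reads for a single-valued keyword.
expect() {
    got=$(sshd_values "$1" "$2" | head -n 1)
    if [ "$got" = "$3" ]; then echo "ok    $2 $got"; return 0; fi
    echo "FAIL  $2 is '${got:-unset}', expected '$3'"; return 1
}

audit_sshd() {
    rc=0
    expect "$1" Protocol 2 || rc=1
    expect "$1" UsePrivilegeSeparation yes || rc=1
    expect "$1" PermitRootLogin no || rc=1
    # AllowGroups lines accumulate, so collect all of them.
    allowed=$(sshd_values "$1" AllowGroups | tr '\n' ' ')
    case " $allowed " in
        *" ssh_users "*) echo "ok    AllowGroups $allowed" ;;
        *) echo "FAIL  AllowGroups does not list ssh_users"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the second PermitRootLogin line is ignored by sshd,
# so this config still permits root logins and the audit reports it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Protocol 2
UsePrivilegeSeparation yes
permitrootlogin yes
PermitRootLogin no
AllowGroups ssh_users
EOF
audit_sshd "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

Current OpenSSH releases speak only protocol 2 and always separate privileges, so the first two checks apply to servers of the message's era.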