[CentOS] ssh security

Fri Jun 19 17:01:47 UTC 2009
Bill Campbell <centos at celestial.com>

On Fri, Jun 19, 2009, Cisco-Education wrote:
>Dear All,
>
>I have the following setup running perfectly OK for a long time
>
>CentOS release 5 (Final)
>sendmail-8.13.8-2.el5
>MailScanner 4.76.25
>bind-9.3.4-6.0.3.P1.el5_2
>
>Now I just set up a CentOS box running BackupPC for backing up my above
>mail server using ssh, as per the instructions on the BackupPC site.
>I had to enable sshd, so I did, and
>everything works perfectly and the backup works great as per my requirement
>
>but I notice that when I do a
>
>tail -f /var/log/secure
>
>I see the following very often

[Normal log stuff from dictionary attack deleted...]

This is common, and, presuming you have good passwords or only
accept authorized_keys, not a real problem other than large log
files.

Look at fail2ban for a method that will automatically add
iptables blocks when this occurs.

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792

"I ask, sir, what is the militia? It is the whole people. To disarm the
people is the best and most effectual way to enslave them."-- George Mason