Date: Thu, 26 Apr 2007 10:34:57 -0400 From: Kevin Hunter <hunteke@earlham.edu> To: =?ISO-8859-1?Q?Andreas_Wider=F8e_Andersen?= <wodfer@gmail.com> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: How do I prevent unauthorized ssh login attempts? Message-ID: <B8567964-4339-47EB-ABAD-84ADDAFFA7EE@earlham.edu> In-Reply-To: <20070426083438.52397267.wmoran@potentialtech.com> References: <23ed14b80704260325w3fc06647vb114cd411625e16b@mail.gmail.com> <20070426083438.52397267.wmoran@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 8:34a -0400 on 26 Apr 2007, Bill Moran wrote: > In response to "Andreas Wider=F8e Andersen" <wodfer@gmail.com>: > >> I'm getting a lot of unauthorized ssh login attempts. I have a =20 >> pretty basic >> FreeBSD 6.2 setup. I have compiled my own kernel. Here's what I =20 >> get from my >> daily security run output: >> >> myserver.domain.com login failures: >> Apr 25 20:00:19 myserver sshd[57810]: Invalid user staff from =20 >> 65.171.74.26 >> [similar lines snipped] >> >> How can I stop these attempts or block them - or even recognize =20 >> them? I do >> not have IPF installed. > > One possibility: > http://www.potentialtech.com/cms/node/16 I'm a noob to *BSD, so I'm not sure if not having IPF installed means =20= you still have another firewall option. If you do, I'd say following =20= Bill's [sp]age advice is best for your system security overall. If you don't have a firewall, another option would be to disallow ssh =20= password logins. i.e. only allow login via public/private key =20 authentication. This is a server side option, so 'man sshd_config' =20 and look for the PasswordAuthentication option. You'll still get the =20= "Invalid user..." warning messages, but short of wasting your =20 bandwidth and (log) diskspace, they'll be useless cracker attempts. (And if you're looking for how to create public/private keys, 'man =20 ssh-keygen'.) In general, utilizing public/private keys for remote authentication =20 is /much/ more secure than passwords. HTH, Kevin=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B8567964-4339-47EB-ABAD-84ADDAFFA7EE>