[NTLUG:Discuss] SSH Dictionary Attacks
Spicerun
spicerun at verizon.net
Sat Dec 31 17:13:57 CST 2005
Thomas Cameron wrote:
> OK, this is just getting silly. I'm up to almost 10,000 dictionary
> attacks against my servers per day. The logwatch e-mails are freaking
> huge. I have been pretty much ignoring this stuff because I know that
> remote root logins are not possible and I know for sure we are using
> very strong passwords, but I am tired of the logfile silliness.
>
>
Could I recommend, if at all possible, that you set your sshd daemon to
allow only ssh-dsa key login only? That is the way I have my sshd
system configured where it doesn't accept any password at all....doesn't
even ask for one (it just validates my dsa generated key which is about
2048 bits in my case instead for authentication). I've found that not
many dictionary attack programs continue on when they don't get the
password prompt.
BTW, remote root logins are possible if you're allowing it in the
sshd_config file options. I don't think that this is a particularly
good idea to have remote root allowed though.
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
>
>
More information about the Discuss
mailing list