[NTLUG:Discuss] SSH Dictionary Attacks
Thomas Cameron
thomas.cameron at camerontech.com
Sat Dec 31 18:48:28 CST 2005
On Sat, 2005-12-31 at 17:13 -0600, Spicerun wrote:
> Thomas Cameron wrote:
> > OK, this is just getting silly. I'm up to almost 10,000 dictionary
> > attacks against my servers per day. The logwatch e-mails are freaking
> > huge. I have been pretty much ignoring this stuff because I know that
> > remote root logins are not possible and I know for sure we are using
> > very strong passwords, but I am tired of the logfile silliness.
> >
> >
>
> Could I recommend, if at all possible, that you set your sshd daemon to
> allow only ssh-dsa key login only? That is the way I have my sshd
> system configured where it doesn't accept any password at all....doesn't
> even ask for one (it just validates my dsa generated key which is about
> 2048 bits in my case instead for authentication). I've found that not
> many dictionary attack programs continue on when they don't get the
> password prompt.
>
> BTW, remote root logins are possible if you're allowing it in the
> sshd_config file options. I don't think that this is a particularly
> good idea to have remote root allowed though.
As I said in my original post, I have disallowed remote root login.
TC
More information about the Discuss
mailing list