[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: ssh scans
I don't accept passwords at all, only public/private key authentication.
Just make sure that you have a /home/user/.ssh/authorized_keys2 file and
put this in /etc/ssh/sshd_config
Subsystem sftp /usr/libexec/sftp-server
and restart ssh of course.
the attacker will probably not even be able to negotiate an
authentication method and I don't think that gets logged.
The downside is that you can't log in without a key file but I just keep
a copy on the memory of my mobile phone which I can easily transfer to a
client PC if I need to use someone elses computer to log in.
> On Mon 26 Oct 2009 at 12:42:57 -0700, David Wetzel wrote:
>> I am seeing a lot of ssh scans and I am wondering if somebody has a
>> solution like adding the bad hosts temporary to pf.conf or so?
> I use pam_af, which hooks into PAM. It is in pkgsrc: security/pam-af.
> It blocks IP addresses that try (and fail) more than N logins in M
> seconds for O time.
> The bad guys try to get around this, however. I have seen login attempts
> with fairly consistent interval from all kinds of different sources.
> That clearly was coordinated, since the interval alwas was between 1 and
> 3 minutes.
> I wish sshd would log passwords in these cases. I'm quite interested in
> knowing which passwords they try.
Main Index |
Thread Index |