On Wed, Nov 15, 2006 at 06:51:02PM +0000, Shri Shrikumar wrote:
> Hi All,
>
> I have a few servers on which there are regular penetration attempts
> using brute force password guessing bots.
>
> There is little risk to the server but am getting more and more annoyed
> by this and as far as I can see am left with two options.
>
> 1. Report each ip address that does this. However, a lot of them seem
> to be from Asia with no proper abuse@ address to contact. Additionally,
> this can be very time consuming.
>
> 2. Change the port number that ssh uses to something else. This has the
> annoyance that I need to pass the new port number in each time I want to
> log-in.
>
> 3. Ignore the issue. Very annoying since logwatch and logcheck
> constantly complain about it. However, I can add filters so it annoys me
> less.
>
> Is there another option? Alternatively, is there a way of
> automatically reporting offending ip's?
>
Is there a way to set ssh/pam so that it doesn't even prompt for a password if private key fails? It has always seemed silly to me that if you have disabled password login to then have ssh prompt for a password. If there was no password prompt then perhaps the systems would be unable to even attempt a brute force attack.

Is there a way to configure the firewall to only allow or deny connection attempts from certain ip addresses?

Can your own ISP offer any sort of filtering?

If it doesn't affect security, I would just filter out the log noise but I would make absolutely sure that it doesn't affect security.

It's still annoying. It's like having someone rattle your front door when it's locked. Remember the movie "Home Alone"? Is there an internet/ssh version of the electric_barbecue_starter_on_the_door-knob trick?

Doug.