Oliver Fromme wrote: > Graham Menhennitt wrote: > > Christopher Hilton wrote: > > > If it's at all possible switch to using public keys for authentication > > > with ssh and disallow password authentication. This completely stops > > > the brute forcing attacks from filling up your periodic security mail. > > Are you sure about that? I only allow PublickeyAuthentication ssh2 > > connections but I get lots of security mail messages like: > > > > Nov 16 01:44:08 maxwell sshd[70067]: Invalid user marcos from 202.54.49.7 > > Nov 16 01:44:23 maxwell sshd[70067]: reverse mapping checking getaddrinfo > for 49-7.broadband.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT! > > Those are caused by different things. They're not caused > by wrong passwords, but by an illegal user name (first line) > or by non-matching reverse DNS (second line). These things > are checked even bevore any user keys are exchanged, so the > authentication method doesn't matter. > > They can be savely ignored, because you're immune to brute- > force attacks. If you don't want to see them, a simple > "egrep -v ..." in /etc/periodic/security/800.loginfail will > do. > > Best regards > Oliver > > I can't remember but has anyone mentioned "blocksshd"? it's in ports/security. I still prefer locking down to public key only, but blocksshd is nice. _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
