[ILUG] Breakins attempted - advice please

kevin brennan kevin.brennan at redsquared.com
Wed Aug 27 12:09:50 IST 2008


Change the port used by sshd; this should reduce attempts to almost zero.
Normally set in the file sshd_config.
/KB

John Kinsella wrote:
> Hi,
> no flames please!
> 
> I'm being regularly subjected to what appear to auth.log (and me) to be 
> attempted breakins on my office desktop machine (Ubuntu Hardy Heron 
> with Firestarter firewall)
> e.g.
> 
> ==============8<===========
> Aug 27 11:56:18 jkcray sshd[15664]: pam_unix(sshd:auth): authentication 
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.78.212.68  
> user=root
> Aug 27 11:56:20 jkcray sshd[15664]: Failed password for root from 
> 200.78.212.68 port 34256 ssh2
> Aug 27 11:56:22 jkcray sshd[15666]: reverse mapping checking getaddrinfo 
> for na-200-78-212-68.na.avantel.net.mx [200.78.212.68] failed - POSSIBLE 
> BREAK-IN ATTEMPT!
> Aug 27 11:56:22 jkcray sshd[15666]: Invalid user magazine from 
> 200.78.212.68
> Aug 27 11:56:22 jkcray sshd[15666]: pam_unix(sshd:auth): check pass; 
> user unknown
> Aug 27 11:56:22 jkcray sshd[15666]: pam_unix(sshd:auth): authentication 
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.78.212.68
> Aug 27 11:56:24 jkcray sshd[15666]: Failed password for invalid user 
> magazine from 200.78.212.68 port 34486 ssh2
> ==============8<===========
> 
> I'd like to keep sshd running so I can log in from home.
> 
> Other than changing firewall settings to block all but my ISP's IP 
> addresses for access via ssh is there anything else that I should be 
> looking at?
> 
> Thanks
> 
> John
> 
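
Added example, not part of the original thread: a small Python summariser for the kind of sshd entries quoted above, useful for measuring attempts per source before and after a change such as moving the port. The function names and thresholds are assumptions; the sample lines are the ones from the quoted auth.log with the mail line wrapping undone.

```python
import re
from collections import defaultdict

# Lines from the quoted auth.log excerpt, unwrapped.
SAMPLE_LOG = """\
Aug 27 11:56:18 jkcray sshd[15664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.78.212.68  user=root
Aug 27 11:56:20 jkcray sshd[15664]: Failed password for root from 200.78.212.68 port 34256 ssh2
Aug 27 11:56:22 jkcray sshd[15666]: reverse mapping checking getaddrinfo for na-200-78-212-68.na.avantel.net.mx [200.78.212.68] failed - POSSIBLE BREAK-IN ATTEMPT!
Aug 27 11:56:22 jkcray sshd[15666]: Invalid user magazine from 200.78.212.68
Aug 27 11:56:22 jkcray sshd[15666]: pam_unix(sshd:auth): check pass; user unknown
Aug 27 11:56:22 jkcray sshd[15666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.78.212.68
Aug 27 11:56:24 jkcray sshd[15666]: Failed password for invalid user magazine from 200.78.212.68 port 34486 ssh2
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# The user name is chosen by the remote side and may itself contain
# " from 1.2.3.4 port 22 ssh2". A greedy user group plus the end-of-line
# anchor makes the address come from the suffix that sshd wrote.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.*)"
    r" from (?P<ip>" + IPV4 + r") port \d+ ssh2$")
REVERSE = re.compile(
    r"sshd\[\d+\]: reverse mapping checking getaddrinfo for \S+ "
    r"\[(?P<ip>" + IPV4 + r")\] failed")

def summarise(log_text):
    """Return {ip: {"failed", "users", "invalid_users", "bad_rdns"}}."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(),
                                 "invalid_users": set(), "bad_rdns": False})
    for line in log_text.splitlines():
        line = line.rstrip()
        m = FAILED.search(line)
        if m:
            entry = stats[m["ip"]]
            entry["failed"] += 1
            entry["users"].add(m["user"])
            if m["invalid"]:
                entry["invalid_users"].add(m["user"])
            continue
        m = REVERSE.search(line)
        if m:
            stats[m["ip"]]["bad_rdns"] = True
    return dict(stats)

def suspects(stats, min_failed=2, min_users=2):
    """Sources with repeated failures or several account names tried
    (both thresholds are assumptions; tune them for your host)."""
    return sorted(ip for ip, s in stats.items()
                  if s["failed"] >= min_failed or len(s["users"]) >= min_users)
```

Calling `suspects(summarise(open("/var/log/auth.log").read()))` lists the source addresses worth a firewall rule or a closer look; the path is the usual Ubuntu location and may differ on other systems.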


