[ILUG] Breakins attempted - advice please
lists at mcdermottroe.com
Wed Aug 27 12:10:47 IST 2008
John Kinsella wrote:
> I'm being regularly subjected to what appear to auth.log (and me) to be
> attempted breakins on my office desktop machine (Ubuntu Hearty Heron
> with Firestarter firewall)
> I'd like to keep sshd running so I can log in from home.
> Other than changine firewall settings to block all but my ISP's IP
> addresses for access via ssh is there anything else that I should be
> looking at?
1) Use denyhosts (http://denyhosts.sourceforge.net/)
2) Restrict logins only to a set of authorized users. AllowUsers or
AllowGroups in your sshd config is what you need to look at. This
won't stop the attacks but it might prevent them getting lucky with
an unused/daemon account.
More information about the ILUG