how to react on ssh attacks?

Stuart Sears stuart at sjsears.com
Mon Oct 24 12:04:18 UTC 2005



Stephanus Fengler wrote:
> Dear list readers,
> 
> I know that this is not a security list but it seems a good starting
> point for me as an ordinary user to ask whether someone can point me in
> the right direction.
> 
> I recently checked my log files of my ssh service (so far as I
> understand this is my only service open) and realized that from the very
> same IP I got a lot of requests trying to guess a user name on my system,
> I assume. Since login name always changes in even chronological
> alphabetical order.
> 
> So shall I worry about it or do I need to do some countermeasures?

you have already received some excellent advice on this topic, but might
I add the following:
these attacks will get more sophisticated as time goes on - the
usernames are just a dictionary based attack and eventually they may get
a username to work...
if you always ssh into your system from specific machines, you could
force the use of public-key authentication on your server, so that even
if the attackers guess the correct passwords for your system, they will
be useless without the relevant private key on the attacking system...
just for personal security/peace of mind, I would also change the
Protocol 2,1 line in /etc/ssh/sshd_config to say Protocol 2 and then
restart the daemon as before. ssh protocol 1 has known exploits.


--
Stuart Sears RHCE RHCX
printk("Penguin %d is stuck in the bottle.\n", i);
        linux-2.0.38/arch/sparc/kernel/smp.c
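Added example, not part of the original message: a small Python check of sshd_config text for the two changes suggested above (drop protocol 1, stop accepting passwords so that only keys work). The sample configurations are constructed, and the defaults used for absent keywords, including ChallengeResponseAuthentication (not mentioned in the message), are assumptions of this example.

```python
import re

# Values assumed when a keyword is absent (an assumption of this example,
# in line with the "Protocol 2,1" setup the message describes).
DEFAULTS = {
    "protocol": "2,1",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "pubkeyauthentication": "yes",
}
LINE = re.compile(r"([A-Za-z0-9]+)[ \t]*=?[ \t]*(.*)")

def effective_settings(config_text):
    """Global settings as sshd reads them: first occurrence of a keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":  # conditional blocks are not global settings
            break
        seen.setdefault(key, value)
    return {k: seen.get(k, d) for k, d in DEFAULTS.items()}

def findings(config_text):
    """List the settings that leave protocol 1 or password logins enabled."""
    s = effective_settings(config_text)
    out = []
    if "1" in [p.strip() for p in s["protocol"].split(",")]:
        out.append("protocol 1 still offered: set 'Protocol 2'")
    for key in ("passwordauthentication", "challengeresponseauthentication"):
        if s[key] != "no":
            out.append(key + " is not 'no': guessed passwords can still log in")
    if s["pubkeyauthentication"] == "no":
        out.append("pubkeyauthentication is 'no': key logins would fail")
    return out

# Constructed sample configurations (not taken from any real host).
WEAK = "# sample\nProtocol 2,1\nPasswordAuthentication yes\n"
HARDENED = ("Protocol 2\nPubkeyAuthentication yes\n"
            "PasswordAuthentication no\nChallengeResponseAuthentication no\n")

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, findings(text) or "ok")
```

Confirm a key-based login works from a second session before turning passwords off, so a mistake does not lock you out.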



