[K12OSN] How do I stop attempted logins
Dr. Daniel Loomis
drloomis at cox-internet.com
Tue Mar 22 01:27:12 UTC 2005
I have remote access setup for our server so I can transfer files, check
logs, and do maintenance from home. I have it setup using a
public/private key-pair, with password login disabled. Root logins are
also disabled. I have it setup to only allow one non-privileged user in
the /etc/ssh/sshd_config file.
No login prompt is ever presented to the outside world on port 22.
However, I still get hundreds of attempts each day from automated probes
usually at intervals of 1-2 seconds. None have been able to breakin
since I do not accept password logins. Here is what is presented to
anyone trying to login on port 22:
FIRST PRESBYTERIAN CHURCH LIBRARY
Password Login = Disabled
Permission denied (publickey).
I have considered changing to a non-standard port, but I suspect that a
simple portscan would quickly discover it and the attempts would
continue.
My /var/log/secure files are filling up fast with these repeated breakin
attempts. I have done a whois on several of the addresses. Most seem
to be coming from Taiwan and other places in Asia.
Is there some way to stop this infernal nuisance?
RevCurmudgeon
More information about the K12OSN
mailing list