k12osn-request redhat com wrote:
Message: 1 Date: Sat, 5 May 2007 12:10:03 +0200 From: Nils Breunese <nils breun nl> Subject: Re: [K12OSN] Help: System intrusion through ssh and a weak password To: "Support list for open source software in schools." <k12osn redhat com> Message-ID: <F470FC43-A45D-4E16-8F4F-72DE5F9C2385 breun nl> Content-Type: text/plain; charset="us-ascii" Op 5-mei-2007, om 8:53 heeft Nadav Kavalerchik het volgende geschreven:we're using freenx through ssh to remote control all the school that are installed with ltsp what we did is moved the ssh port somewhere high in the port list, it solved all the "scanning" and trying to "break in" log entries that we used to see in the log file :-) (i wonder how long it will last)I like to setup SSH keys, disable PasswordAuthentication and install something like Fail2Ban or DenyHosts. That should keep them out and keep your logs from growing like mad. Nils Breunese.
I use also use fail2ban (http://sourceforge.net/projects/fail2ban ), which scans the system logs and when someone gets a password wrong X number of times in Y time period, their IP address is blocked for Z ammount of time. I use it on a debian machine, and there is a package, but it can be used on other flavors of Linux as well.
http://www.onlinegrades.org/ - Free software for securely posting student grades online