illegal user root user failed login attempts

Daniel Bye freebsd-questions at slightlystrange.org
Tue Apr 26 03:42:09 PDT 2005


On Tue, Apr 26, 2005 at 09:22:34AM +0100, Peter Kropholler wrote:
> I run a server at home on port 22.
> There are loads of illegal user attempts to login
> every few days. As it's at home I protect myself
> by having only one user on the sshd AllowUsers
> list and with a very strong password and no
> admin/sysman privileges.

Good strategy.  You could even go so far as to deny logins without a
public key.

> So essentially every failed login attempt is illegal.
> 
> Is there any way to actually record what passwords
> the hackers' scripts are trying? I am just really intrigued
> to know what they are thinking might work.

No - ssh transport is encrypted even by the time passwords are involved.

> I realize that it's not normally appropriate to log people's
> passwords but in my case I am literally the only user
> who will ever legitimately log in to my machine

It'll just be a script running somewhere that offers common passwords,
random words, etc.  You'd be amazed at how many installations use a
default password (Cliff Stoll's The Cuckoo's Egg is a damn fine read,
and talks about default passwords on admin and field service accounts).

More useful might be to log the IP addresses the connections are coming
from and report the abuse to the authority to whom the addresses are
assigned.  You never know - they might feel compelled to stamp on the
little buggers...

Dan

-- 
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 BE8F
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
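
One way to act on the suggestion above of logging the source addresses, as an added example that is not part of the original message: a Python script that tallies failed sshd logins per source IP so the result can go into an abuse report. The sample log lines are constructed, and the formats assumed are OpenSSH's "Illegal user" / "Invalid user" and "Failed password" messages.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the style sshd writes to /var/log/auth.log.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Apr 26 03:10:01 home sshd[4120]: Illegal user admin from 192.0.2.10
Apr 26 03:10:03 home sshd[4120]: Failed password for illegal user admin from 192.0.2.10 port 40112 ssh2
Apr 26 03:10:07 home sshd[4123]: Illegal user test from 192.0.2.10
Apr 26 03:10:09 home sshd[4123]: Failed password for illegal user test from 192.0.2.10 port 40115 ssh2
Apr 26 03:12:44 home sshd[4130]: Failed password for root from 198.51.100.7 port 51515 ssh2
Apr 26 08:01:12 home sshd[4200]: Accepted publickey for peter from 203.0.113.5 port 50022 ssh2
Apr 26 09:30:00 home sshd[4310]: Invalid user guest from 198.51.100.7
"""

# The username is chosen by the remote side and may contain " from ...",
# so match greedily and anchor at end of line: the address is always taken
# from the last " from " that sshd itself wrote.
# "Illegal user" is the older OpenSSH wording, "Invalid user" the newer one.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)
UNKNOWN = re.compile(
    r"sshd\[\d+\]: (?:Illegal|Invalid) user (?P<user>.*) "
    r"from (?P<ip>\S+)(?: port \d+)?$"
)

def summarize(lines):
    """Return {ip: {"failed_passwords": n, "users": sorted names tried}}."""
    failed = Counter()
    users = defaultdict(set)
    for line in lines:
        m = FAILED.search(line)
        if m:
            failed[m["ip"]] += 1
        else:
            m = UNKNOWN.search(line)
        if m:
            users[m["ip"]].add(m["user"])
    return {ip: {"failed_passwords": failed[ip], "users": sorted(names)}
            for ip, names in users.items()}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for ip, info in sorted(report.items(),
                           key=lambda kv: -kv[1]["failed_passwords"]):
        print(ip, info["failed_passwords"], ",".join(info["users"]))
```

To run it against a real log, pass the open file object (for example `open("/var/log/auth.log")`) to `summarize` in place of the sample lines.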