How do I prevent unauthorized ssh login attempts?

Beech Rintoul beech at alaskaparadise.com
Thu Apr 26 10:36:07 UTC 2007


On Thursday 26 April 2007, Andreas Widerøe Andersen said:
> I'm getting a lot of unauthorized ssh login attempts. I have a
> pretty basic FreeBSD 6.2 setup. I have compiled my own kernel.
> Here's what I get from my daily security run output:
>
> myserver.domain.com login failures:
> Apr 25 20:00:19 myserver sshd[57810]: Invalid user staff from 65.171.74.26
> Apr 25 20:00:22 myserver sshd[57812]: Invalid user sales from 65.171.74.26
> Apr 25 20:00:24 myserver sshd[57814]: Invalid user recruit from 65.171.74.26
> Apr 25 20:00:26 myserver sshd[57816]: Invalid user alias from 65.171.74.26
> Apr 25 20:00:28 myserver sshd[57818]: Invalid user office from 65.171.74.26
> Apr 25 20:00:30 myserver sshd[57820]: Invalid user samba from 65.171.74.26
> Apr 25 20:00:32 myserver sshd[57822]: Invalid user tomcat from 65.171.74.26
> Apr 25 20:00:34 myserver sshd[57824]: Invalid user webadmin from 65.171.74.26
> Apr 25 20:00:36 myserver sshd[57826]: Invalid user spam from 65.171.74.26
> Apr 25 20:00:38 myserver sshd[57828]: Invalid user virus from 65.171.74.26
> Apr 25 20:00:41 myserver sshd[57830]: Invalid user cyrus from 65.171.74.26
> Apr 25 20:00:43 myserver sshd[57832]: Invalid user oracle from 65.171.74.26
> Apr 25 20:00:45 myserver sshd[57834]: Invalid user michael from 65.171.74.26
> Apr 25 20:00:47 myserver sshd[57836]: Invalid user ftp from 65.171.74.26
> Apr 25 20:00:49 myserver sshd[57838]: Invalid user test from 65.171.74.26
> Apr 25 20:00:51 myserver sshd[57840]: Invalid user webmaster from 65.171.74.26
> Apr 25 20:00:53 myserver sshd[57842]: Invalid user postmaster from 65.171.74.26
> Apr 25 20:00:56 myserver sshd[57844]: Invalid user postfix from 65.171.74.26
> Apr 25 20:00:57 myserver sshd[57846]: Invalid user postgres from 65.171.74.26
> Apr 25 20:00:59 myserver sshd[57848]: Invalid user paul from 65.171.74.26
> Apr 25 20:01:04 myserver sshd[57852]: Invalid user guest from 65.171.74.26
> Apr 25 20:01:06 myserver sshd[57854]: Invalid user admin from 65.171.74.26
> Apr 25 20:01:08 myserver sshd[57856]: Invalid user linux from 65.171.74.26
> Apr 25 20:01:11 myserver sshd[57858]: Invalid user user from 65.171.74.26
> Apr 25 20:01:13 myserver sshd[57860]: Invalid user david from 65.171.74.26
>
> How can I stop these attempts or block them - or even recognize
> them? I do not have IPF installed.
>
> Thanks for your help.
>
> Best regards,
> Andreas

Check out denyhosts, it's in the tree. It works well for me and is 
easy to set up.

Beech


-- 
---------------------------------------------------------------------------------------
Beech Rintoul - Port Maintainer - beech at alaskaparadise.com
/"\   ASCII Ribbon Campaign  | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail   | http://www.freebsd.org
 X  - NO Word docs in e-mail | Latest Release:
/ \  - http://www.freebsd.org/releases/6.2R/announce.html
---------------------------------------------------------------------------------------
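
The kind of check a log watcher such as denyhosts automates, as an added example (not part of the original post and not DenyHosts' own code): parse sshd "Invalid user" lines and flag source addresses that exceed a threshold inside a time window. The threshold, window, function names and the two lines from 192.0.2.10 are assumptions made for illustration; the other sample lines come from the log quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# sshd syslog entry for a login attempt against a nonexistent account
INVALID_USER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>\S+) from (?P<ip>\S+)$")

# First six lines are from the quoted log; the last two are constructed.
SAMPLE = """\
Apr 25 20:00:19 myserver sshd[57810]: Invalid user staff from 65.171.74.26
Apr 25 20:00:22 myserver sshd[57812]: Invalid user sales from 65.171.74.26
Apr 25 20:00:24 myserver sshd[57814]: Invalid user recruit from 65.171.74.26
Apr 25 20:00:26 myserver sshd[57816]: Invalid user alias from 65.171.74.26
Apr 25 20:00:28 myserver sshd[57818]: Invalid user office from 65.171.74.26
Apr 25 20:00:30 myserver sshd[57820]: Invalid user samba from 65.171.74.26
Apr 25 20:03:10 myserver sshd[57901]: Invalid user bob from 192.0.2.10
Apr 25 20:10:02 myserver sshd[57960]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
""".splitlines()

def parse(line, year=2007):
    # Syslog timestamps carry no year, so the caller supplies one.
    m = INVALID_USER.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]

def offenders(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: usernames tried} for IPs with >= threshold hits inside one window."""
    events = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        events[rec[2]].append(rec[:2])
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end, (ts, _) in enumerate(hits):
            while ts - hits[start][0] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({user for _, user in hits})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in offenders(SAMPLE).items():
        print(ip, len(users), "usernames tried:", ", ".join(users))
```

A single mistyped username from a legitimate address stays below the threshold, which is why the count is taken per source and per window rather than per line.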




