How do I prevent unauthorized ssh login attempts?
Kevin Hunter
hunteke at earlham.edu
Thu Apr 26 14:35:13 UTC 2007
At 8:34a -0400 on 26 Apr 2007, Bill Moran wrote:
> In response to "Andreas Widerøe Andersen" <wodfer at gmail.com>:
>
>> I'm getting a lot of unauthorized ssh login attempts. I have a
>> pretty basic
>> FreeBSD 6.2 setup. I have compiled my own kernel. Here's what I
>> get from my
>> daily security run output:
>>
>> myserver.domain.com login failures:
>> Apr 25 20:00:19 myserver sshd[57810]: Invalid user staff from
>> 65.171.74.26
>> [similar lines snipped]
>>
>> How can I stop these attempts or block them - or even recognize
>> them? I do
>> not have IPF installed.
>
> One possibility:
> http://www.potentialtech.com/cms/node/16
I'm a noob to *BSD, so I'm not sure if not having IPF installed means
you still have another firewall option. If you do, I'd say following
Bill's [sp]age advice is best for your system security overall.
If you don't have a firewall, another option would be to disallow ssh
password logins. i.e. only allow login via public/private key
authentication. This is a server side option, so 'man sshd_config'
and look for the PasswordAuthentication option. You'll still get the
"Invalid user..." warning messages, but short of wasting your
bandwidth and (log) diskspace, they'll be useless cracker attempts.
(And if you're looking for how to create public/private keys, 'man
ssh-keygen'.)
In general, utilizing public/private keys for remote authentication
is /much/ more secure than passwords.
HTH,
Kevin
More information about the freebsd-questions
mailing list