can't figure out ssh, read lots of docs...

fbsd_user fbsd_user at
Fri Jun 3 14:03:31 GMT 2005

All the talk so far has been about how to stop attacks at your front
door. This does nothing to really get back at the attacker to stop
them from sending out their attacks. I use the
abuse-reporting-system scripts. I have my ipfilter firewall log all
these attacks/probes and then when the /var/log/security file rolls
over, the log is passed through the scripts that do a whois on the
sending IP address to find the ISP owner's abuse reporting email address
and then sends the firewall log records to the ISP. Before I started
running this abuse-reporting system I was getting over 1200
attacks/probes packets a day. Now after 6 months of running it I get
less than 60 per day which are first time packets hitting me. If you
really want to stop this trash from running up your bandwidth
charges this is the way to get back at the attackers. The owning ISP
just turns off their accounts. There is still some udp spoofing
happening but that is small compared to the rest of the trash
hitting your front door.

The abuse-reporting-system scripts can be downloaded from    or

It was submitted to FreeBSD as a port but not accepted yet.

-----Original Message-----
From: owner-freebsd-questions at
[mailto:owner-freebsd-questions at]On Behalf Of Rick
Sent: Wednesday, June 01, 2005 6:44 PM
To: Steven Friedrich
Cc: freebsd-questions at
Subject: Re: can't figure out ssh, read lots of docs...

I just want to add a little about allowing root login over ssh and
using common user names as login names if I may.  I just left a
job where we were running a live server and I used to read the log
files every day.  The number of brute force attempts to log in to
sshd was staggering, sometimes over 700 attempts in a day from many
different locations (usually script kiddies).  I had the only user
account so it wasn't my users making mistakes.  90%+ of the attempts
were for the root account.  The other 10% were for common names like
steven, rick, and paul; the list goes on.

So I would recommend that you keep root login disabled and don't use
common names for login names.  Most people were setting up scripts
to block the offending attacker.

Not to mention every security document or site I have ever read has
said "Don't allow remote root login"

Thanks for letting me spew,

On 6/1/05, Steven Friedrich <FreeBSD at> wrote:
> Thanks to Nathan Kinkade, Roland Smith, Greg Barniskis, and Rick Preston for
> the replies.  Each gave me quite a bit of info and I'm still digesting it.
> I've been successful using ssh-agent, though I have to enter the
> each time I run my script.  That's really only an annoyance now because I'm
> developing the script and have to enter it often. That goes away when the
> script is stable.
> I've been using ssh to login to my local machines for quite some time and
> never realized I didn't have it set up quite right, because it was asking for
> a passwd, which means all other means failed.
> What I did notice though, is that I can't login as root using ssh. I haven't
> found this mentioned in the man pages.
> Anybody know where it's documented, whether it can be changed, and would that
> be a colossal mistake?
> I mean, hey, it's a secure shell, why can't I login as root?
> The reason I want to use root is because I'm trying to scp
> from each of my four machines so I can write them to a CD for
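
The split Rick describes (most failed logins aimed at root, the rest at common first names) can be measured directly from the sshd log. The following is an added example, not part of the thread or of the abuse-reporting scripts; the log lines are constructed, the addresses are from documentation ranges, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog format (not from the thread).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jun  1 03:12:01 host sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun  1 03:12:03 host sshd[4103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Jun  1 03:12:06 host sshd[4105]: Failed password for illegal user steven from 203.0.113.7 port 40119 ssh2
Jun  1 04:40:10 host sshd[4230]: Failed password for root from 198.51.100.23 port 51800 ssh2
Jun  1 04:40:12 host sshd[4232]: Failed password for invalid user paul from 198.51.100.23 port 51803 ssh2
Jun  1 08:01:44 host sshd[4410]: Accepted publickey for rick from 192.0.2.10 port 50022 ssh2
Jun  1 09:15:30 host sshd[4502]: Failed password for root from 203.0.113.7 port 40230 ssh2
"""

# Older OpenSSH releases log "illegal user", newer ones "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:(?:invalid|illegal) user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def tally_failures(log_text):
    """Return (attempts per account, attempts per source IP)."""
    users, sources = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:  # successful logins and unrelated lines are skipped
            users[m["user"]] += 1
            sources[m["ip"]] += 1
    return users, sources

def root_share(users):
    """Fraction of failed attempts that targeted the root account."""
    total = sum(users.values())
    return users["root"] / total if total else 0.0

def noisy_sources(sources, threshold):
    """Source IPs with at least `threshold` failures, busiest first."""
    return [(ip, n) for ip, n in sources.most_common() if n >= threshold]

if __name__ == "__main__":
    users, sources = tally_failures(SAMPLE_LOG)
    print("by account:", dict(users))
    print(f"root share: {root_share(users):.0%}")
    print("sources with >= 3 failures:", noisy_sources(sources, 3))
```
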