How do I prevent unauthorized ssh login attempts?

Kevin Hunter hunteke at
Thu Apr 26 14:35:13 UTC 2007

At 8:34a -0400 on 26 Apr 2007, Bill Moran wrote:

> In response to "Andreas Widerøe Andersen" <wodfer at>:
>> I'm getting a lot of unauthorized ssh login attempts. I have a  
>> pretty basic
>> FreeBSD 6.2 setup. I have compiled my own kernel. Here's what I  
>> get from my
>> daily security run output:
>> login failures:
>> Apr 25 20:00:19 myserver sshd[57810]: Invalid user staff from  
>> [similar lines snipped]
>> How can I stop these attempts or block them - or even recognize  
>> them? I do
>> not have IPF installed.
> One possibility:

I'm a noob to *BSD, so I'm not sure if not having IPF installed means  
you still have another firewall option.  If you do, I'd say following  
Bill's [sp]age advice is best for your system security overall.

If you don't have a firewall, another option would be to disallow ssh  
password logins.  i.e. only allow login via public/private key  
authentication.  This is a server side option, so 'man sshd_config'  
and look for the PasswordAuthentication option.  You'll still get the  
"Invalid user..." warning messages, but short of wasting your  
bandwidth and (log) diskspace, they'll be useless cracker attempts.

(And if you're looking for how to create public/private keys, 'man  

In general, utilizing public/private keys for remote authentication  
is /much/ more secure than passwords.



More information about the freebsd-questions mailing list