ssh under attack - sessions in accepted state hogging CPU
cswiger at mac.com
Tue Aug 10 07:20:27 UTC 2010
On Aug 9, 2010, at 8:13 PM, Matt Emmerton wrote:
> I'm in the middle of dealing with a SSH brute force attack that is relentless. I'm working on getting sshguard+ipfw in place to deal with it, but in the meantime, my box is getting pegged because sshd is accepting some connections which are getting stuck in [accepted] state and eating CPU.
> I know there's not much I can do about the brute force attacks, but will upgrading openssh avoid these stuck connections?
If I wasn't allowed to require that in order to SSH to arbitrary internal machines one would need to do a VPN session, the second choice would be to install the openssh port with tcpwrappers support + denyhosts.
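The log-driven blocking that the reply's tcpwrappers + denyhosts suggestion relies on, as an added example that is not part of the original message and not denyhosts' own code: it counts failed sshd password attempts per source address in constructed log lines and emits tcpwrappers deny rules. The log format, the threshold, the reset-on-success behaviour and the `sshd : <ip> : deny` rule layout are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sshd syslog lines (documentation-range addresses), not real data.
SAMPLE_LOG = """\
Aug 10 07:01:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 41022 ssh2
Aug 10 07:01:04 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 41030 ssh2
Aug 10 07:01:05 host sshd[1207]: Invalid user test from 203.0.113.7
Aug 10 07:01:09 host sshd[1210]: Failed password for matt from 198.51.100.23 port 50211 ssh2
Aug 10 07:01:15 host sshd[1210]: Accepted publickey for matt from 198.51.100.23 port 50212 ssh2
Aug 10 07:01:20 host sshd[1215]: Failed password for root from 203.0.113.7 port 41055 ssh2
Aug 10 07:01:31 host sshd[1220]: Failed password for invalid user oracle from 192.0.2.44 port 33900 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+) port \d+")


def hosts_to_deny(log_text, threshold=3, allowlist=()):
    """Return sorted source addresses with at least `threshold` failed logins."""
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(1)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            # Assumption: a successful login clears earlier failures, so a
            # legitimate user who mistyped a password is not locked out.
            failures.pop(m.group(1), None)
    return sorted(ip for ip, n in failures.items()
                  if n >= threshold and ip not in allowlist)


def tcpwrappers_rules(ips):
    """Format deny entries for an sshd built with tcpwrappers support."""
    return [f"sshd : {ip} : deny" for ip in ips]


if __name__ == "__main__":
    for rule in tcpwrappers_rules(hosts_to_deny(SAMPLE_LOG)):
        print(rule)
```

The allowlist parameter is there so that a management address is never written into the deny rules, whatever the log shows.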