[svlug] What to do about ssh hack attempts?
Rick Moen
rick at linuxmafia.com
Wed Feb 1 10:11:08 PST 2006
Quoting Mark (msalists at gmx.net):
> Moving the port is really a great solution - considering the time it
> takes. One minute to do the change and I have never gotten one single
> log entry since. I used to have log entries every day, sometimes up
> to 50,000 attempts from 1 single IP.
Wouldn't it be more useful to concentrate on the threat and the
exposure, rather than logwatch log entries? If the root problem is
exposure of guessable ssh login/password pairs to remote attackers, then
your candidate solution should aim to fix that exposure. Moving the
daemon to an unusual port simply doesn't do much.
(Me, I just disable password auth. Other effective approaches are
possible.)
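
The exposure discussed in the message above can be checked directly from the daemon's configuration. The following is an added example, not part of the original post: it reads the global section of an `sshd_config` and reports whether remote clients can still submit passwords. The sample configurations are constructed, the function names are hypothetical, and the defaults are assumed to be upstream OpenSSH's (distributions may differ); `Match` blocks and `Include` files are not evaluated.

```python
import re

# Assumed upstream OpenSSH defaults; a distribution may ship different ones.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Deprecated alias for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample configurations.
MOVED_PORT = "Port 2222\nPasswordAuthentication yes\n"
HALF_DONE = "PasswordAuthentication no\nUsePAM yes\n"
KEYS_ONLY = ("PasswordAuthentication no\n"
             "KbdInteractiveAuthentication no\n"
             "# the duplicate below is ignored: the first value wins\n"
             "PasswordAuthentication yes\n")


def effective_settings(config_text):
    """Return the global-section auth values (first occurrence wins)."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                 # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":                     # conditional blocks not evaluated
            break
        key = ALIASES.get(key, key)
        if key in DEFAULTS:
            seen.setdefault(key, value.lower())
    return {**DEFAULTS, **seen}


def password_guessing_exposed(config_text):
    """True if remote clients can still submit passwords to guess.

    Conservative: keyboard-interactive is treated as a password path,
    which it usually is when backed by PAM.
    """
    s = effective_settings(config_text)
    return (s["passwordauthentication"] != "no"
            or s["kbdinteractiveauthentication"] != "no")


if __name__ == "__main__":
    for name in ("MOVED_PORT", "HALF_DONE", "KEYS_ONLY"):
        print(name, "exposed:", password_guessing_exposed(globals()[name]))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source for the same two values.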