At 8:34a -0400 on 26 Apr 2007, Bill Moran wrote:

In response to "Andreas Wider√łe Andersen" <[EMAIL PROTECTED]>:

I'm getting a lot of unauthorized ssh login attempts. I have a pretty basic FreeBSD 6.2 setup. I have compiled my own kernel. Here's what I get from my
daily security run output:

myserver.domain.com login failures:
Apr 25 20:00:19 myserver sshd[57810]: Invalid user staff from 65.171.74.26
[similar lines snipped]

How can I stop these attempts or block them - or even recognize them? I do
not have IPF installed.

One possibility:
http://www.potentialtech.com/cms/node/16

I'm a noob to *BSD, so I'm not sure if not having IPF installed means you still have another firewall option. If you do, I'd say following Bill's [sp]age advice is best for your system security overall.

If you don't have a firewall, another option would be to disallow ssh password logins. i.e. only allow login via public/private key authentication. This is a server side option, so 'man sshd_config' and look for the PasswordAuthentication option. You'll still get the "Invalid user..." warning messages, but short of wasting your bandwidth and (log) diskspace, they'll be useless cracker attempts.

(And if you're looking for how to create public/private keys, 'man ssh-keygen'.)

In general, utilizing public/private keys for remote authentication is /much/ more secure than passwords.

HTH,

Kevin_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to