As long as they don't know your password and username, and it isn't an easy dictionary password (which you said it isn't), you should be quite secure enough :) I see these all the time on my company's servers and we have yet to see anyone even get the right username.

I don't know if it works on Gentoo as I haven't tried it yet, but on my Fedora boxes I use a program called BFD - Brute Force Detector* (needs APF**) and it automatically bans the IP from the box using IPTables. Works quite well. (At this point I'll point out the normal about I tried it on my Gentoo dev box and it floored all contact with the outer world, try at your own risk)

* http://www.rfxnetworks.com/bfd.php
** http://www.rfxnetworks.com/apf.php

-----
Alex A. Smith MCP
ASMHosting.com Owner

Antonio Coralles wrote:

>I'm running sshd on my personal computer to be able to log in from
>different machines. To tighten security without disabling pam I've
>created a user which is not in group wheel, and configured ssh to accept
>logins for this user only. By the way all passwords on my system are
>well chosen and should be invulnerable to dictionary attacks.
>
>As # cat /var/log/sshd/current normally looks something like
>
> Apr 21 15:17:26 [sshd] Did not receive identification string from
>211.20.75.83
>Apr 21 18:05:16 [sshd] Invalid user test from 213.244.22.178
>Apr 21 18:05:16 [sshd] reverse mapping checking getaddrinfo for
>reverse.completel.net failed - POSSIBLE BREAKIN ATTEMPT!
>Apr 21 18:05:16 [sshd] User guest not allowed because shell /dev/null is
>not executable
>Apr 21 18:05:16 [sshd] reverse mapping checking getaddrinfo for
>reverse.completel.net failed - POSSIBLE BREAKIN ATTEMPT!
>Apr 21 18:05:17 [sshd] Invalid user admin from 213.244.22.178
>Apr 21 18:05:17 [sshd] reverse mapping checking getaddrinfo for
>reverse.completel.net failed - POSSIBLE BREAKIN ATTEMPT!
>Apr 21 18:05:17 [sshd] Invalid user admin from 213.244.22.178
>Apr 21 18:05:17 [sshd] reverse mapping checking getaddrinfo for
>reverse.completel.net failed - POSSIBLE BREAKIN ATTEMPT!
>Apr 21 18:05:18 [sshd] Invalid user user from 213.244.22.178
>Apr 21 18:05:18 [sshd] reverse mapping checking getaddrinfo for
>reverse.completel.net failed - POSSIBLE BREAKIN ATTEMPT!
> - Last output repeated twice -
>Apr 21 18:05:18 [sshd] User root not allowed because not listed in
>AllowUsers
>Apr 21 18:05:19 [sshd] reverse mapping checking getaddrinfo for
>reverse.completel.net failed - POSSIBLE BREAKIN ATTEMPT!
>Apr 21 18:05:19 [sshd] User root not allowed because not listed in
>AllowUsers
>Apr 21 18:05:20 [sshd] reverse mapping checking getaddrinfo for
>reverse.completel.net failed - POSSIBLE BREAKIN ATTEMPT!
>Apr 21 18:05:20 [sshd] User root not allowed because not listed in
>AllowUsers
>Apr 21 18:05:20 [sshd] Invalid user test from 213.244.22.178
>Apr 21 18:05:20 [sshd] reverse mapping checking getaddrinfo for
>reverse.completel.net failed - POSSIBLE BREAKIN ATTEMPT!
>Apr 21 19:02:44 [sshd] Did not receive identification string from
>62.193.229.154
>
>I would like to know if sshd is really secure as long as nobody who
>shouldn't has the correct username and password.
>
>thanks
>antonio
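
Added example (not part of the original thread, and not BFD's own code): a sketch of the log check a brute-force detector has to make before it can ban an address, run over constructed lines in the log format quoted above. The threshold, time window, year and documentation IP addresses are assumptions; note that the "not allowed" lines in this format carry no source address, so only the lines that name an IP are counted.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample in the log format quoted above (documentation IP ranges).
SAMPLE_LOG = """\
Apr 21 15:17:26 [sshd] Did not receive identification string from 198.51.100.7
Apr 21 18:05:16 [sshd] Invalid user test from 203.0.113.20
Apr 21 18:05:16 [sshd] User guest not allowed because shell /dev/null is not executable
Apr 21 18:05:17 [sshd] Invalid user admin from 203.0.113.20
Apr 21 18:05:18 [sshd] Invalid user user from 203.0.113.20
Apr 21 18:05:18 [sshd] User root not allowed because not listed in AllowUsers
Apr 21 19:02:44 [sshd] Did not receive identification string from 198.51.100.7
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \[sshd\] (.*)$")
INVALID = re.compile(rf"^Invalid user (\S+) from {IP}$")
PROBE = re.compile(rf"^Did not receive identification string from {IP}$")

def parse(log_text, year=2001):  # syslog stamps carry no year; 2001 is an assumption
    """Yield (timestamp, ip, username or None) for lines that name a source IP."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        inv = INVALID.match(m.group(2))
        probe = PROBE.match(m.group(2))
        if inv:
            yield ts, inv.group(2), inv.group(1)
        elif probe:
            yield ts, probe.group(1), None

def offenders(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: usernames tried} for IPs with >= threshold events inside one window."""
    events = defaultdict(list)
    for ts, ip, user in parse(log_text):
        events[ip].append((ts, user))
    flagged = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in evs if u})
                break
    return flagged
```

With the defaults, `offenders(SAMPLE_LOG)` flags only the address that tried three usernames within seconds; the two stray probes hours apart stay below the threshold.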

