Yes lot of them - why don't you just disable "regular" login and enable RSA only ? That way they don't have chance for automated attack. If you combine it with your static ip (or DynDNS ip ) and alllow only it to connect) / port-knocking, you will even know that potential error in ssh will not let them in.
Gerard Beekmans wrote: > Hey guys, > > Just wondering who else has been getting these. I have a /24 IP space > that seems to be targeted lately for sshd bruce force attacks. I can't > seem to keep up with firewalling the bad guys out. Luckily there's no > such thing as weak passwords on the servers I have access to, so all > should be well. For now anyway. It's just annoying. > > Yeah I could block all access to port 22 and only allow a select few IP > addresses access but this makes things cumbersome when I try to login to > my machine when I'm out of town. > > The only maybe way around this is create a web app where I can input IP > addresses that can SSH and some cronjob to check for changes and update > the firewall accordingly. > > Does anybody have other ideas? I'd like to keep ssh open for convenience > reasons. It'd really suck if I block the world, am out of town, get an > emergency call for work, and "oops I can't login until I'm home again > which will be in a few days. Sorry boss, you'll just have to live with > the downed service until then." That's not going to go over very well. > > > -- http://linuxfromscratch.org/mailman/listinfo/lfs-security FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
