On Tue, Apr 20, 2010 at 14:01, glen e. p. ropella <[email protected]> wrote:

> I'm running sshd on a server and I've set:
>
> PermitRootLogin no
>
> But I _assumed_ it would stop attempts like the following:
>
> -----------------------
> Apr 19 07:11:49 huntlab sshd[15840]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.228.225.88
> user=root
>
> Apr 19 07:11:50 huntlab sshd[15840]: Failed password for root from
> 204.228.225.88 port 50082 ssh2
> -----------------------

It won't let them log in even if they guess the right password. But aside from explicitly firewalling every IP you won't ever want to connect from completely, you're pretty well stuck in reactionary mode: wait for the (guaranteed to fail) attempt and then block it.

I use the program 'denyhosts' to kick people off the lawn after 3 failed login attempts. But it only defends against IPs that knock 3 times. Still a lot better to read logs with 3 attempts in than 3000. And it's pretty versatile, so it can work for other services (ftp, for instance) that someone might also try to break into with brute-force repeated attempts.

> And I've heard babble about PAM settings and such. So, I'm thinking
> that I just don't have it locked up completely. I expected the sshd
> server to immediately refuse the connection without having to go through
> the challenge response or password auth.

I don't know of anything like that, but if you find something that isn't talked about on list, please let us know!

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
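As an added illustration of the "count failures, then block" approach the reply describes (not code from the thread or from denyhosts itself): this parses the sshd "Failed password" records of the kind quoted above, counts them per source address, and lists the hosts that hit a threshold of 3, plus the `sshd: <ip>` lines denyhosts would write to /etc/hosts.deny. The sample log lines are constructed (the first two are the ones quoted in the thread; 198.51.100.7 and 192.0.2.9 are made-up addresses).

```python
import re
from collections import Counter

# Matches the sshd "Failed password" record from the thread, both for a
# valid user ("for root") and for an unknown one ("for invalid user admin").
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2"
)

def count_failures(log_lines):
    """Return {ip: number of failed password attempts} from sshd log lines.

    Only the "Failed password" record is counted; the pam_unix
    "authentication failure" line describes the same attempt and would
    double-count it.
    """
    counts = Counter()
    for line in log_lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return dict(counts)

def hosts_to_block(log_lines, threshold=3):
    """Addresses that reached the threshold (3, as in the reply), sorted."""
    return sorted(ip for ip, n in count_failures(log_lines).items() if n >= threshold)

def hosts_deny_lines(ips):
    """TCP-wrappers entries of the form denyhosts appends to /etc/hosts.deny."""
    return ["sshd: %s" % ip for ip in ips]

# Constructed sample: the two lines quoted in the thread, two more attempts
# from the same host, one attempt from a second (made-up) host, and a success.
SAMPLE_LOG = [
    "Apr 19 07:11:49 huntlab sshd[15840]: pam_unix(sshd:auth): authentication failure; "
    "logname= uid=0 euid=0 tty=ssh ruser= rhost=204.228.225.88 user=root",
    "Apr 19 07:11:50 huntlab sshd[15840]: Failed password for root from 204.228.225.88 port 50082 ssh2",
    "Apr 19 07:11:53 huntlab sshd[15840]: Failed password for root from 204.228.225.88 port 50082 ssh2",
    "Apr 19 07:11:57 huntlab sshd[15840]: Failed password for root from 204.228.225.88 port 50082 ssh2",
    "Apr 19 07:12:10 huntlab sshd[15844]: Failed password for invalid user admin from 198.51.100.7 port 40111 ssh2",
    "Apr 19 07:12:20 huntlab sshd[15850]: Accepted publickey for glen from 192.0.2.9 port 51000 ssh2",
]

if __name__ == "__main__":
    print(count_failures(SAMPLE_LOG))          # {'204.228.225.88': 3, '198.51.100.7': 1}
    print(hosts_deny_lines(hosts_to_block(SAMPLE_LOG)))  # ['sshd: 204.228.225.88']
```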
