Changing the port used by sshd is a good idea. I would also recommend disabling password authentication and only using public key authentication.
-Mike On Tue, 2006-04-11 at 20:55 -0600, Wade Preston Shearer wrote: > My server can get up ~12,000 [1] failed log in attempts recorded in > my server's logs in one day. How much of a concern should this be? I > am aware of restricting shell access to certain IPs. Will that > restrict the handshake or will I still see the attempts in my logs? > Are there any ways to restrict the attempts? > > > [1] Generally, ~3-20 on against standard system accounts (root, news, > squid, apache, etc), ~5,000 against unknown, and ~12,000 against > "unmated entries." > > > Wade Preston Shearer > > > /* > PLUG: http://plug.org, #utah on irc.freenode.net > Unsubscribe: http://plug.org/mailman/options/plug > Don't fear the penguin. > */ /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
