PLEASE REMOVE ME, THIS IS MY 2nd request.<div><br>Thanks, <a href="mailto:rlpeterson@gmail.com">rlpeterson@gmail.com</a><br><br><div class="gmail_quote">On Tue, Oct 18, 2011 at 7:12 PM, Robert Leyva <span dir="ltr"><<a href="mailto:mrflash818@geophile.net">mrflash818@geophile.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Following the presentation on ssh tricks, I setup an sshd server instance<br>
on my debian workstation, using public key auth, and was able to be<br>
successful.<br>
<br>
I made sure to disable root login, and any password login attempts by<br>
modifying sshd_config.<br>
<br>
In the hour I was testing the new wonder, I was also tail-ing my auth log.<br>
<br>
To my chagrin, in the two times I tested, I had many attempts to access my<br>
ssh:<br>
<br>
Oct 18 01:59:55 pip sshd[26361]: Invalid user oracle from 197.112.2.4<br>
Oct 18 02:00:02 pip sshd[26367]: Invalid user test from 197.112.2.4<br>
Oct 18 02:08:34 pip sshd[26596]: Invalid user test from 197.112.2.4<br>
Oct 18 02:08:42 pip sshd[26599]: Invalid user test from 197.112.2.4<br>
Oct 18 03:12:02 pip sshd[27000]: Invalid user oracle from 111.87.108.120<br>
Oct 18 03:12:09 pip sshd[27003]: Invalid user test from 111.87.108.120<br>
...<br>
Oct 18 10:48:01 pip sshd[27953]: Invalid user peter from 184.105.177.21<br>
Oct 18 10:48:07 pip sshd[27956]: Invalid user peter from 184.105.177.21<br>
Oct 18 10:48:13 pip sshd[27958]: Invalid user sergei from 184.105.177.21<br>
Oct 18 10:48:19 pip sshd[27960]: User root from 184.105.177.21 not allowed<br>
because not listed in AllowUsers<br>
<br>
So, I am hoping I could get advice or suggestions on what further<br>
protections I could add (if any).<br>
- I don't think static firewall rules would help, as I am hoping to ssh<br>
into my box from anywhere<br>
- I am guessing there is a way to have automation block or slowdown<br>
attempts if they begin to seem suspicious.<br>
<br>
<br>
Me<br>
<font color="#888888">--<br>
"Knowledge is Power" -- Sir Francis Bacon<br>
<br>
Robert Leyva<br>
<a href="mailto:mrflash818@geophile.net">mrflash818@geophile.net</a><br>
<br>
<br>
</font></blockquote></div><br></div>