[LAD] [ot] - NEED some security advise PLEASE!
zenadsl6252 at zen.co.uk
Sun Feb 15 01:14:49 UTC 2009
On Sun, 15 Feb 2009 00:43:17 +0100
Fons Adriaensen <fons at kokkinizita.net> wrote:
> On Sat, Feb 14, 2009 at 11:55:13PM +0100, Julien Claassen wrote:
> > 8226 ? Ss 0:00 sshd: unknown [priv]
> > 8227 ? S 0:00 sshd: unknown [net]
> > Just before that I only saw "sshd [accept]" and "sshd [net]".
> > Shutdown sshd and made new password and restarted sshd. Now it's the same.
> > Can I easily check where it's coming from and what it's doing. I don't see
> > anything besides those two lines. No other strange processes.
> Someone is trying a ssh login - usually from the former
> east block - and probably trying a list of user names
> and passwords. Do (as root) tail -50 /var/log/secure
> to see the show.
> It happens here all the time. As long as you don't have
> any easily guessed user/passwd combinations the danger
> is limited, and closing your network connection for a
> minute usually makes them go away. Configuring sshd to
> allow only dsa authentication is better of course.
I changed the port sshd runs on because I got sick of the
clickety click as logs were written due to brute force login
attempts. Not an option for everyone but it did the trick
nicely for me. Port knocking is another option.
More information about the Linux-audio-dev