[Tfug] Stopping repeated login attempts
Jeff Breadner
jeff at breadner.ca
Tue Jan 26 08:06:28 MST 2010
>> Looking at my log files I am getting repeated login attempts from China. I
>> changed my NAT port setting in the router and it slowed down for a few
>> hours. What is the best way for dealing with this? I don't think a manual
>> solution will be the best.
>>
>
> Change the port that ssh listens on. Or enable a VPN, and only accept
> SSH from the internal network interface.
>

Only allow SSH via VPN? That seems backwards.
Allowing SSH only from higher level ports is what I do, and it's pretty
much stopped the illicit login attempts. How you do this depends on
your router, or if you're directly attached to the Internet. You can
either redirect traffic from your external 54321 port (whatever one you
choose to use) to your internal port 22, or go into your
/etc/ssh/sshd_config file, add a "Port 54321" line (there can be more
than one; SSHD can listen on multiple ports concurrently) and then only
expose the high port to the Internet. Internal traffic can still use
the standard port 22.
Also be sure to only allow Protocol 2 connections.
cheers
Jeff
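
A small checker for the sshd_config setup described in the message above, as an added example that is not part of the original post. The function names, the `exposed_port` parameter and the sample config are assumptions made for illustration.

```python
import re

# Constructed sample following the reply: port 22 stays available for
# internal traffic, 54321 is the only port forwarded from the Internet.
SAMPLE_CONFIG = """\
# constructed sample, not from the original message
Port 22
Port 54321
Protocol 2
"""

def parse_sshd_config(text):
    """Return (ports, protocols) from the global part of an sshd_config."""
    ports, protocols = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break  # Port and Protocol are only read before any Match block
        if keyword == "port":
            ports.append(int(value))  # Port may appear more than once
        elif keyword == "protocol" and protocols is None:
            # For non-repeatable keywords the first value is the one used.
            protocols = {int(p) for p in value.split(",")}
    return (ports or [22]), protocols  # sshd listens on 22 if no Port line

def audit(text, exposed_port):
    """exposed_port: the port reachable from the Internet (hypothetical input)."""
    ports, protocols = parse_sshd_config(text)
    findings = []
    if exposed_port not in ports:
        findings.append(f"sshd is not listening on exposed port {exposed_port}")
    if exposed_port == 22:
        findings.append("standard port 22 is the one exposed to the Internet")
    if protocols is None:
        findings.append("no Protocol line; the sshd default applies")
    elif protocols != {2}:
        findings.append("Protocol allows versions other than 2")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, exposed_port=54321) or "no findings")
```
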