Since we were talking about services globally accessible recently, just wanted to share a public service announcement. Below is a pretty typical /daily/ count of failed logins on a publicly accessible ssh server under my purview. Seeing as how root has 10 times the hits of the next biggest target, if you're not set up with some sort of MFA this is why it can be a good idea to set the "PermitRootLogin no" option in your sshd config.
Also useful to not allow login for system accounts, although this is managed by PAM on my fedora machine (no uid < 1000; be wary if manually creating system accounts, usually packages following your distro's packaging guidelines will have system-accounts created properly) "username" "number of failed logins" root 4328 admin 444 MikroTik 320 profile1 320 user1 316 admin1 314 default 314 administrator 252 ubnt 250 user 248 support 244 web 238 tech 200 demo 174 telecomadmin 160 debian 18 test 18 Administrator 12 oracle 12 ubuntu 12 pi 10 NetLinx 6 apache 6 backup 6 centos 6 cirros 6 cisco 6 cloudera 6 device 6 ethos 6 git 6 guest 6 hacker 6 hunter 6 hxeadm 6 localadmin 6 m202 6 maint 6 nagios 6 _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
