http://isc.sans.edu/diary.html?storyid=9031
http://isc.sans.edu/diary.html?storyid=9034 Apparently attackers are going after "keyboard interactive" authentication, which is separate from "password authentication". If you are using SSH public/private keys only, make sure you have "ChallengeResponseAuthentication no" set in your /etc/ssh/sshd_config file. If you must use passwords, make sure everyone has a strong password, and consider using techniques like scan detection, IP-address access control, port knocking, non-standard port, etc. -- Ben _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/