On Sun, 2009-02-15 at 01:14 +0000, pete shorthose wrote: > On Sun, 15 Feb 2009 00:43:17 +0100 > Fons Adriaensen <f...@kokkinizita.net> wrote: > > > On Sat, Feb 14, 2009 at 11:55:13PM +0100, Julien Claassen wrote: > > > > > 8226 ? Ss 0:00 sshd: unknown [priv] > > > 8227 ? S 0:00 sshd: unknown [net] > > > > > Just before that I only saw "sshd [accept]" and "sshd [net]". > > > Shutdown sshd and made new password and restarted sshd. Now it's the > > > same. > > > Can I easily check where it's coming from and what it's doing. I don't > > > see > > > anything besides those two lines. No other strange processes. > > > > Someone is trying a ssh login - usually from the former > > east block - and probably trying a list of user names > > and passwords. Do (as root) tail -50 /var/log/secure > > to see the show. > > > > It happens here all the time. As long as you don't have > > any easily guessed user/passwd combinations the danger > > is limited, and closing your network connection for a > > minute usually makes them go away. Configuring sshd to > > allow only dsa authentication is better of course. > > I changed the port sshd runs on because I got sick of the > clickety click as logs were written due to brute force login > attempts. Not an option for everyone but it did the trick > nicely for me. Port knocking is another option.
Another option is a service called denyhosts, it adds entries to /etc/hosts.deny for each host from which a defined number of failed logins happen. So the attacking hosts are dropped out as they try passwords and hopefully fail... http://denyhosts.sourceforge.net/ -- Fernando _______________________________________________ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/mailman/listinfo/linux-audio-dev
