break-in attempt in my machine
Jonesy
SPAM_TRAP_gmane at jonz.net
Sat Aug 27 22:50:49 UTC 2016
On Sat, 27 Aug 2016 21:58:05 +1000, Karl Auer wrote:
> On Sat, 2016-08-27 at 12:54 +0200, Volker Wysk wrote:
>> This already goes on like this since yesterday. For me, this looks
>> like someone tries to break in my machine via SSH, by trying many
>> possible passwords.
>
> Almost certainly yes.
>
> Having ssh open to the world is better than having most other things
> open to the world, but there are quite a few things you can do to make
> a successful attack less likely. In order of goodness:
>
> 1: Turn off password access; require a publickey login.
1.5: Disable root login via ssh
> 2: Move ssh to a different port. Choose a random number between 1024
> and 65000 and put ssh on that port.
+1 !
I did that and in the 3 years since I've only had TWO (2!) singular hits
on my ssh port -- and both of those appeared to be innocent screwups
from the other end. Before that I was getting hundreds (sometimes
1,000's) of ssh login attempts on port 20 per day.
> 8: Consider setting up something like fail2ban, which will blacklist
> the IP address of anyone who tries (and fails) too frequently.
Recommended, also: sshguard
Make sure you have at least one ssh login active before you start
messing around with the config files. :-)
Jonesy
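
Items 1, 1.5 and 2 from the thread above, expressed as a check over the text of an sshd_config file. This is an added example, not part of the original post. The function names and both sample configs are constructed for illustration, and the defaults assumed for absent keywords are those of OpenSSH 7.0 and later.

```python
import re

# Values sshd falls back to when a keyword is absent (assumed: OpenSSH >= 7.0).
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

def effective_settings(config_text):
    """Resolve the global settings the way sshd reads them: first value wins."""
    seen, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":
            break                           # later settings are conditional, not global
        args = parts[1].split() if len(parts) == 2 else []
        if not args:
            continue
        if keyword == "port":
            ports.append(args[0])           # Port may repeat; every value is listened on
        elif keyword in DEFAULTS and keyword not in seen:
            seen[keyword] = args[0].strip('"').lower()
    settings = {**DEFAULTS, **seen}
    settings["ports"] = ports or ["22"]     # ListenAddress host:port is not examined
    return settings

def audit(config_text):
    """Return one finding per recommendation from the thread that is not met."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("item 1: password logins are still accepted")
    if s["permitrootlogin"] != "no":
        findings.append("item 1.5: root login via ssh not disabled (%s)" % s["permitrootlogin"])
    if "22" in s["ports"]:
        findings.append("item 2: sshd listens on the default port 22")
    return findings

# Constructed samples. In the second, the later "yes" is ignored: first value wins.
SAMPLE_BEFORE = "Port 22\nPermitRootLogin prohibit-password\n#PasswordAuthentication no\n"
SAMPLE_AFTER = ("Port 49222\nPermitRootLogin no\n"
                "PasswordAuthentication no\nPasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit(text) or "no findings")
```

The check reads only the file text it is given; `sshd -T` prints the settings the installed sshd actually resolves.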