RE: Allowing remote root login seems to be bad. Why?



Date: Tue, 3 Jun 2008 11:47:26 -0400
From: David Bruce <dbruce@xxxxxxxxxxxxx>
To: secureshell@xxxxxxxxxxxxxxxxx
Subject: RE: Allowing remote root login seems to be bad. Why?

If I can add my 2 cents, I recommend also changing the ssh port. It
cuts down on a lot of hack attempts.

From my own experience this is well worthwhile.

Before I changed the ssh port on my server I used to have 2-3 dictionary
attacks a day with several hundred to several thousand attempts per
attack.

The system was 'safe' since I only allowed one login name (with a 'good'
password) but the growing log files were getting irritating.

Now the only login attempts I get are my own.

TTFN,

Philip Riebold, p.riebold@xxxxxxxxx /"\
Media Services \ /
University College London X ASCII Ribbon Campaign
Windeyer Building, 46 Cleveland Street / \ Against HTML Mail
London, W1T 4JF
+44 (0)20 7679 9259 (switchboard), 09259 (internal)



Relevant Pages

  • Re: iptables in linux
    ... -the number of times a username can be tried, prefer it set at 2 and ... If someone tries to login 3 times within 40 seconds then ant further ... so I add a separate chain and jump to that chain at the top of the ... Set the ssh port to something other than 22 (some high number like ...
    (Fedora)
  • Re: [Full-disclosure] reduction of brute force log
    ... Source quench and redirect are both powerful, ... The 1599-1601 ports are used to open/close the ssh port, ... [Full-disclosure] reduction of brute force login attempts via SSH through iptables --hashlimit ...
    (Full-Disclosure)
  • Simple-ish question
    ... I've set up a Dovecot imap server on my home linux box (on a dynamic IP ... I've opened up the SSH port so i can make changes ... liberally sprinkled with multiple attempts to login from single ips. ...
    (comp.mail.imap)
  • Re: too many illegal connection attempts through ssh
    ... > server from a suspicious hacker. ... > IP address if it is attempting to guess my login usernames? ... ssh port to something else, like a high numbered port that's otherwise ... the best way to deal with this is through the firewall rather than ...
    (freebsd-questions)
  • Re: Limit the number of erroneous logins of root from the same IP
    ... After the limit that IP can not try to login anymore. ... be careful about reacting to spoof attacks. ... I've seen idiots trying to spoof login attempts from ... It offered three options - add a host reject route (man ...
    (alt.os.linux.redhat)