Try to protect your ssh with tcp wrappers.
----- Original Message -----
From: "dadirtyluk"
yo,
i've seen these login attempts on two of my machines, too!
don't know where that comes from, but sometimes in the night i could see plenty of pages of denied login attempts.
a few weeks ago that stopped, but i didn't do anything to avoid these attempts... silly thing, since they were the same users as for you and some more different users, but none of them existed locally!
but it sucked quite a bit to see these log entries over and over again!
regards luk
-----Original Message-----
From: suse@rio.vg [mailto:suse@rio.vg]
Sent: Monday, 20 September 2004 17:40
To: suse-security@suse.com
Subject: [suse-security] SSH password attacks
This may not be strictly SuSE related, but what the heck: Lately, I've been getting tons of attempts to log in via ssh for "guest", "test", "user", and "admin". Plenty others for root, and even one that seemed to have been a list of some script kiddie's /etc/passwd. The root ones are pretty obvious and always blocked, but I've found the others rather curious.
Does anyone running a unix server really use "guest", "test", "user", or "admin" as real accounts? Judging by the volume of attempts I'm getting, there has to be something causing this. Was a borked version of ssh server released for windows, or something? Or is this trying to connect to zombie machines? From what I understand, ssh server isn't common on windows, and those accounts certainly aren't common to unix... Anyone know what's going on here?
(I'm not worried about my machines, root is blocked by sshd and I don't have the other accounts, I'm just curious.)
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
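An added example, not part of the thread: a sketch that tallies failed ssh password logins per source address and turns repeat offenders into tcp wrappers rules for /etc/hosts.deny, tying the log entries described above to the tcp wrappers suggestion. The log lines are constructed in OpenSSH's "Failed password" style, and the function names and the threshold of 3 are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines (not from the thread). Addresses come
# from documentation ranges. The last line carries a user name crafted to
# look like it names a different source address.
SAMPLE_LOG = """\
Sep 20 03:11:01 host sshd[2101]: Failed password for invalid user guest from 203.0.113.7 port 40112 ssh2
Sep 20 03:11:03 host sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40115 ssh2
Sep 20 03:11:05 host sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40119 ssh2
Sep 20 03:11:09 host sshd[2109]: Failed password for root from 203.0.113.7 port 40130 ssh2
Sep 20 08:30:12 host sshd[2290]: Failed password for alice from 198.51.100.4 port 51514 ssh2
Sep 20 08:30:20 host sshd[2290]: Accepted password for alice from 198.51.100.4 port 51514 ssh2
Sep 20 09:02:44 host sshd[2311]: Failed password for invalid user x from 192.0.2.1 port 22 ssh2 from 203.0.113.7 port 40140 ssh2
"""

# The user name is remote-supplied text, so the greedy (.*) plus the end
# anchor make the address come from the end of the line, which sshd writes.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?(.*)"
    r" from (\S+) port \d+(?: ssh\d)?$"
)

def failed_by_source(log_text):
    """Return {source address: Counter(user name -> failed attempts)}."""
    stats = {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        user, addr = m.groups()
        try:
            addr = str(ipaddress.IPv4Address(addr))  # IPv4 only in this example
        except ValueError:
            continue  # not an IPv4 literal: never write it into a rule
        stats.setdefault(addr, Counter())[user] += 1
    return stats

def hosts_deny_lines(log_text, threshold=3):
    """tcp wrappers rules for sources with at least `threshold` failures."""
    stats = failed_by_source(log_text)
    return [f"sshd: {addr}" for addr in sorted(stats)
            if sum(stats[addr].values()) >= threshold]

if __name__ == "__main__":
    for addr, users in failed_by_source(SAMPLE_LOG).items():
        print(addr, dict(users))
    print("\n".join(hosts_deny_lines(SAMPLE_LOG)))
```

The generated rules take effect only when sshd is built with tcp wrappers (libwrap) support; upstream OpenSSH removed that support in release 6.7.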