David C. Rankin wrote:
On Saturday 03 October 2009 06:21:32 am Per Jessen wrote:
Has anyone else noticed the wave of coordinated, distributed ssh attacks? Since Sep30 around 2100CET, I see a login attempt about once a minute, but coming from different IP-addresses. Looks like a coordinated attempt to circumvent the firewalls that block based on too many unsuccessful attempts.
/Per
Per,
Have you moved ssh to a high port yet? If you do, all noise on your ssh port will cease. Worth its weight in gold!
Until this distributed attack my regular method of blocking based on number of attempts from a single IP has worked just fine, but yes, I've now moved sshd to another port on all my external systems. The local systems don't allow external ssh access. I'm still considering moving to the no-password-login setup as Hans Witvliet suggested. It's clearly the optimal solution, I'm just a little concerned about the management when each server needs to "know" about (need to have the key) each possible client. /Per -- Per Jessen, Zürich -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org