![](https://seccdn.libravatar.org/avatar/27aacf61a13c66fcc083fcf8a84823bc.jpg?s=120&d=mm&r=g)
Philip Dowie wrote:
oh come on now, why are you generating private mails aka spam?
denyhosts has a centrally maintaned list? wow, my version must be old. <http://stats.denyhosts.net/stats.html>
sync to the xmlrpc server of denyhosts. check your denyhosts config file.
sorry, almost always forget that to reply to the list is a manual step for me
Philip, The best solution I've found is to simply move ssh to a high port. I used to have 300-3000 log entries per day of script kiddies trying to hack my ssh on port 22. I moved ssh to a high port several months ago and I have had *zero* attempts to crack my system since. The process is simple: Philip, The best solution I've found is to simply move ssh to a high port. I used to have 300-3000 log entries per day of script kiddies trying to hack my ssh on port 22. I moved ssh to a high port several months ago and I have had *zero* attempts to crack my system since. The process is simple: (1) look at /etc/services and find an available high port you want to use. If you have multiple machines you want to set on different ports then find a range or ports that are open: [09:33 alchemy:/var/lib] # grep -i unassigned /etc/services <snip> # 9537-9554 Unassigned # 9556-9591 Unassigned # 9601-9611 Unassigned # 9613-9627 Unassigned <snip> Edit /etc/services, comment out ssh on port 22, uncomment the ports you want to use and change 'Unassigned' to 'ssh'. Example #ssh 22/tcp # SSH Remote Login Protocol #ssh 22/udp # SSH Remote Login Protocol #ssh 22/sctp # SSH ssh 9537/tcp # SSH Remote Login Protocol ssh 9537/udp # SSH Remote Login Protocol ssh 9537/sctp # SSH # 9538-9554 Unassigned (2) Edit /etc/ssh/sshd_config Change the ssh port: #Port 22 Port 9537 **NOTE: for added security set up ssh keys for access and disable password authentication: # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes ChallengeResponseAuthentication no (3) Create or edit /etc/ssh/ssh_config for system wide configuration or ~/.ssh/config for per-user configuration and tell the system what host is on what port. The syntax is a "Host/Port" pair for each box (each on a separate line). Example: Host arete.3111skyline.com arete Port 22 Host ecstasy.3111skyline.com ecstacy Port 9537 (4) Then simply restart or reload ssh to read in the new configuration and all your troubles with unauthorized ssh login attempts will be a thing of the past! Providing the "Host/Port" configuration directive for each machine makes the change seamless to the user. They simple type ssh machine and it works. No need to type ssh -p <port> machine and the change works seamlessly for scp, rsync, etc.. This was the only cure I found that works HTH... -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org