lots of login attempts on my openbsd machine

Missing Ghost

Senior member
Oct 31, 2005
Hi,
I'm very new to unix-like operating systems.
I just discovered this file called "authlog" in my /var/log directory. When I open it and all of the older gunzipped authlog files, I see a lot of things like this:


Apr 24 17:36:24 klonk sshd[22861]: Did not receive identification string from 200.117.249.63
Apr 24 17:43:24 klonk sshd[24546]: Invalid user admin from 200.117.249.63
Apr 24 17:43:24 klonk sshd[14867]: input_userauth_request: invalid user admin
Apr 24 17:43:24 klonk sshd[14867]: Failed password for invalid user admin from 200.117.249.63 port 53654 ssh2
Apr 24 17:43:24 klonk sshd[24546]: Failed password for invalid user admin from 200.117.249.63 port 53654 ssh2
Apr 24 17:43:25 klonk sshd[14867]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:43:31 klonk sshd[10866]: Invalid user administrator from 200.117.249.63
Apr 24 17:43:31 klonk sshd[5675]: input_userauth_request: invalid user administrator
Apr 24 17:43:31 klonk sshd[5675]: Failed password for invalid user administrator from 200.117.249.63 port 53771 ssh2
Apr 24 17:43:31 klonk sshd[10866]: Failed password for invalid user administrator from 200.117.249.63 port 53771 ssh2
Apr 24 17:43:31 klonk sshd[5675]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:43:38 klonk sshd[5937]: Invalid user jack from 200.117.249.63
Apr 24 17:43:38 klonk sshd[7178]: input_userauth_request: invalid user jack
Apr 24 17:43:38 klonk sshd[7178]: Failed password for invalid user jack from 200.117.249.63 port 53873 ssh2
Apr 24 17:43:38 klonk sshd[5937]: Failed password for invalid user jack from 200.117.249.63 port 53873 ssh2
Apr 24 17:43:38 klonk sshd[7178]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:43:44 klonk sshd[12942]: Invalid user marvin from 200.117.249.63
Apr 24 17:43:44 klonk sshd[10307]: input_userauth_request: invalid user marvin
Apr 24 17:43:44 klonk sshd[10307]: Failed password for invalid user marvin from 200.117.249.63 port 53970 ssh2
Apr 24 17:43:44 klonk sshd[12942]: Failed password for invalid user marvin from 200.117.249.63 port 53970 ssh2
Apr 24 17:43:45 klonk sshd[10307]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:43:51 klonk sshd[30885]: Invalid user andres from 200.117.249.63
Apr 24 17:43:51 klonk sshd[32334]: input_userauth_request: invalid user andres
Apr 24 17:43:51 klonk sshd[32334]: Failed password for invalid user andres from 200.117.249.63 port 54074 ssh2
Apr 24 17:43:51 klonk sshd[30885]: Failed password for invalid user andres from 200.117.249.63 port 54074 ssh2
Apr 24 17:43:52 klonk sshd[32334]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:43:58 klonk sshd[13967]: Invalid user barbara from 200.117.249.63
Apr 24 17:43:58 klonk sshd[25573]: input_userauth_request: invalid user barbara
Apr 24 17:43:58 klonk sshd[25573]: Failed password for invalid user barbara from 200.117.249.63 port 54165 ssh2
Apr 24 17:43:58 klonk sshd[13967]: Failed password for invalid user barbara from 200.117.249.63 port 54165 ssh2
Apr 24 17:43:58 klonk sshd[25573]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:44:04 klonk sshd[29652]: Invalid user adine from 200.117.249.63
Apr 24 17:44:04 klonk sshd[5196]: input_userauth_request: invalid user adine
Apr 24 17:44:04 klonk sshd[5196]: Failed password for invalid user adine from 200.117.249.63 port 54253 ssh2
Apr 24 17:44:04 klonk sshd[29652]: Failed password for invalid user adine from 200.117.249.63 port 54253 ssh2
Apr 24 17:44:05 klonk sshd[5196]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:44:10 klonk sshd[724]: Invalid user test from 200.117.249.63
Apr 24 17:44:10 klonk sshd[17679]: input_userauth_request: invalid user test
Apr 24 17:44:10 klonk sshd[17679]: Failed password for invalid user test from 200.117.249.63 port 54346 ssh2
Apr 24 17:44:10 klonk sshd[724]: Failed password for invalid user test from 200.117.249.63 port 54346 ssh2
Apr 24 17:44:11 klonk sshd[17679]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:44:17 klonk sshd[15408]: Invalid user guest from 200.117.249.63
Apr 24 17:44:17 klonk sshd[19765]: input_userauth_request: invalid user guest
Apr 24 17:44:17 klonk sshd[19765]: Failed password for invalid user guest from 200.117.249.63 port 54449 ssh2
Apr 24 17:44:17 klonk sshd[15408]: Failed password for invalid user guest from 200.117.249.63 port 54449 ssh2
Apr 24 17:44:17 klonk sshd[19765]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:44:23 klonk sshd[27358]: Invalid user db from 200.117.249.63
Apr 24 17:44:23 klonk sshd[9945]: input_userauth_request: invalid user db
Apr 24 17:44:23 klonk sshd[9945]: Failed password for invalid user db from 200.117.249.63 port 54543 ssh2
Apr 24 17:44:23 klonk sshd[27358]: Failed password for invalid user db from 200.117.249.63 port 54543 ssh2
Apr 24 17:44:23 klonk sshd[9945]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:44:29 klonk sshd[15592]: Invalid user ahmed from 200.117.249.63
Apr 24 17:44:29 klonk sshd[18909]: input_userauth_request: invalid user ahmed
Apr 24 17:44:29 klonk sshd[18909]: Failed password for invalid user ahmed from 200.117.249.63 port 54627 ssh2
Apr 24 17:44:29 klonk sshd[15592]: Failed password for invalid user ahmed from 200.117.249.63 port 54627 ssh2
Apr 24 17:44:30 klonk sshd[18909]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:44:35 klonk sshd[24038]: Invalid user alan from 200.117.249.63
Apr 24 17:44:35 klonk sshd[12117]: input_userauth_request: invalid user alan
Apr 24 17:44:35 klonk sshd[12117]: Failed password for invalid user alan from 200.117.249.63 port 54716 ssh2
Apr 24 17:44:35 klonk sshd[24038]: Failed password for invalid user alan from 200.117.249.63 port 54716 ssh2
Apr 24 17:44:36 klonk sshd[12117]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:44:41 klonk sshd[2663]: Invalid user albert from 200.117.249.63
Apr 24 17:44:41 klonk sshd[18317]: input_userauth_request: invalid user albert
Apr 24 17:44:41 klonk sshd[18317]: Failed password for invalid user albert from 200.117.249.63 port 54802 ssh2
Apr 24 17:44:41 klonk sshd[2663]: Failed password for invalid user albert from 200.117.249.63 port 54802 ssh2
Apr 24 17:44:42 klonk sshd[18317]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:44:47 klonk sshd[30148]: Invalid user alberto from 200.117.249.63
Apr 24 17:44:47 klonk sshd[20701]: input_userauth_request: invalid user alberto
Apr 24 17:44:47 klonk sshd[20701]: Failed password for invalid user alberto from 200.117.249.63 port 54892 ssh2
Apr 24 17:44:47 klonk sshd[30148]: Failed password for invalid user alberto from 200.117.249.63 port 54892 ssh2
Apr 24 17:44:48 klonk sshd[20701]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:44:54 klonk sshd[9041]: Invalid user alex from 200.117.249.63
Apr 24 17:44:54 klonk sshd[1858]: input_userauth_request: invalid user alex
Apr 24 17:44:54 klonk sshd[1858]: Failed password for invalid user alex from 200.117.249.63 port 54977 ssh2
Apr 24 17:44:54 klonk sshd[9041]: Failed password for invalid user alex from 200.117.249.63 port 54977 ssh2
Apr 24 17:44:54 klonk sshd[1858]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:45:00 klonk sshd[23856]: Invalid user alfred from 200.117.249.63
Apr 24 17:45:00 klonk sshd[8410]: input_userauth_request: invalid user alfred
Apr 24 17:45:00 klonk sshd[8410]: Failed password for invalid user alfred from 200.117.249.63 port 55065 ssh2
Apr 24 17:45:00 klonk sshd[23856]: Failed password for invalid user alfred from 200.117.249.63 port 55065 ssh2
Apr 24 17:45:01 klonk sshd[8410]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:45:07 klonk sshd[15659]: Invalid user ali from 200.117.249.63
Apr 24 17:45:07 klonk sshd[21037]: input_userauth_request: invalid user ali
Apr 24 17:45:07 klonk sshd[21037]: Failed password for invalid user ali from 200.117.249.63 port 55157 ssh2
Apr 24 17:45:07 klonk sshd[15659]: Failed password for invalid user ali from 200.117.249.63 port 55157 ssh2
Apr 24 17:45:08 klonk sshd[21037]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:45:14 klonk sshd[8839]: Invalid user alice from 200.117.249.63
Apr 24 17:45:14 klonk sshd[12759]: input_userauth_request: invalid user alice
Apr 24 17:45:14 klonk sshd[12759]: Failed password for invalid user alice from 200.117.249.63 port 55246 ssh2
Apr 24 17:45:14 klonk sshd[8839]: Failed password for invalid user alice from 200.117.249.63 port 55246 ssh2
Apr 24 17:45:15 klonk sshd[12759]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:45:20 klonk sshd[28319]: Invalid user allan from 200.117.249.63
Apr 24 17:45:20 klonk sshd[19257]: input_userauth_request: invalid user allan
Apr 24 17:45:20 klonk sshd[19257]: Failed password for invalid user allan from 200.117.249.63 port 55337 ssh2
Apr 24 17:45:20 klonk sshd[28319]: Failed password for invalid user allan from 200.117.249.63 port 55337 ssh2
Apr 24 17:45:21 klonk sshd[19257]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:45:30 klonk sshd[1011]: Invalid user andi from 200.117.249.63
Apr 24 17:45:30 klonk sshd[15179]: input_userauth_request: invalid user andi
Apr 24 17:45:30 klonk sshd[15179]: Failed password for invalid user andi from 200.117.249.63 port 55421 ssh2
Apr 24 17:45:30 klonk sshd[1011]: Failed password for invalid user andi from 200.117.249.63 port 55421 ssh2
Apr 24 17:45:31 klonk sshd[15179]: Received disconnect from 200.117.249.63: 11: Bye Bye
Apr 24 17:45:41 klonk sshd[5130]: Invalid user andrew from 200.117.249.63
Apr 24 17:45:41 klonk sshd[5495]: input_userauth_request: invalid user andrew
Apr 24 17:45:41 klonk sshd[5495]: Failed password for invalid user andrew from 200.117.249.63 port 56313 ssh2
Apr 24 17:45:41 klonk sshd[5495]: Connection closed by 200.117.249.63
Apr 24 17:45:41 klonk sshd[5130]: Failed password for invalid user andrew from 200.117.249.63 port 56313 ssh2
Apr 24 18:55:05 klonk sshd[31532]: Did not receive identification string from 200.27.55.172
Apr 24 19:02:16 klonk sshd[30091]: Invalid user admin from 200.27.55.172
Apr 24 19:02:16 klonk sshd[32328]: input_userauth_request: invalid user admin
Apr 24 19:02:16 klonk sshd[32328]: Failed password for invalid user admin from 200.27.55.172 port 45299 ssh2
Apr 24 19:02:16 klonk sshd[30091]: Failed password for invalid user admin from 200.27.55.172 port 45299 ssh2
Apr 24 19:02:17 klonk sshd[32328]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:02:19 klonk sshd[10517]: Invalid user administrator from 200.27.55.172
Apr 24 19:02:19 klonk sshd[19851]: input_userauth_request: invalid user administrator
Apr 24 19:02:19 klonk sshd[19851]: Failed password for invalid user administrator from 200.27.55.172 port 45384 ssh2
Apr 24 19:02:19 klonk sshd[10517]: Failed password for invalid user administrator from 200.27.55.172 port 45384 ssh2
Apr 24 19:02:19 klonk sshd[19851]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:02:26 klonk sshd[11425]: Invalid user jack from 200.27.55.172
Apr 24 19:02:26 klonk sshd[5962]: input_userauth_request: invalid user jack
Apr 24 19:02:26 klonk sshd[5962]: Failed password for invalid user jack from 200.27.55.172 port 45420 ssh2
Apr 24 19:02:26 klonk sshd[11425]: Failed password for invalid user jack from 200.27.55.172 port 45420 ssh2
Apr 24 19:02:26 klonk sshd[5962]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:02:28 klonk sshd[19715]: Invalid user marvin from 200.27.55.172
Apr 24 19:02:28 klonk sshd[16414]: input_userauth_request: invalid user marvin
Apr 24 19:02:28 klonk sshd[16414]: Failed password for invalid user marvin from 200.27.55.172 port 45912 ssh2
Apr 24 19:02:28 klonk sshd[19715]: Failed password for invalid user marvin from 200.27.55.172 port 45912 ssh2
Apr 24 19:02:28 klonk sshd[16414]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:02:31 klonk sshd[18334]: Invalid user andres from 200.27.55.172
Apr 24 19:02:31 klonk sshd[24847]: input_userauth_request: invalid user andres
Apr 24 19:02:31 klonk sshd[24847]: Failed password for invalid user andres from 200.27.55.172 port 46356 ssh2
Apr 24 19:02:31 klonk sshd[18334]: Failed password for invalid user andres from 200.27.55.172 port 46356 ssh2
Apr 24 19:02:31 klonk sshd[24847]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:02:33 klonk sshd[20261]: Invalid user barbara from 200.27.55.172
Apr 24 19:02:33 klonk sshd[14758]: input_userauth_request: invalid user barbara
Apr 24 19:02:33 klonk sshd[14758]: Failed password for invalid user barbara from 200.27.55.172 port 46400 ssh2
Apr 24 19:02:33 klonk sshd[20261]: Failed password for invalid user barbara from 200.27.55.172 port 46400 ssh2
Apr 24 19:02:34 klonk sshd[14758]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:02:37 klonk sshd[22585]: Invalid user adine from 200.27.55.172
Apr 24 19:02:37 klonk sshd[7235]: input_userauth_request: invalid user adine
Apr 24 19:02:37 klonk sshd[7235]: Failed password for invalid user adine from 200.27.55.172 port 46861 ssh2
Apr 24 19:02:37 klonk sshd[22585]: Failed password for invalid user adine from 200.27.55.172 port 46861 ssh2
Apr 24 19:02:37 klonk sshd[7235]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:02:43 klonk sshd[4532]: Invalid user test from 200.27.55.172
Apr 24 19:02:43 klonk sshd[28897]: input_userauth_request: invalid user test
Apr 24 19:02:43 klonk sshd[28897]: Failed password for invalid user test from 200.27.55.172 port 47319 ssh2
Apr 24 19:02:43 klonk sshd[4532]: Failed password for invalid user test from 200.27.55.172 port 47319 ssh2
Apr 24 19:02:43 klonk sshd[28897]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:02:45 klonk sshd[5802]: Invalid user guest from 200.27.55.172
Apr 24 19:02:45 klonk sshd[19418]: input_userauth_request: invalid user guest
Apr 24 19:02:45 klonk sshd[19418]: Failed password for invalid user guest from 200.27.55.172 port 47802 ssh2
Apr 24 19:02:45 klonk sshd[5802]: Failed password for invalid user guest from 200.27.55.172 port 47802 ssh2
Apr 24 19:02:45 klonk sshd[19418]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:02:47 klonk sshd[2360]: Invalid user db from 200.27.55.172
Apr 24 19:02:47 klonk sshd[5423]: input_userauth_request: invalid user db
Apr 24 19:02:47 klonk sshd[5423]: Failed password for invalid user db from 200.27.55.172 port 47846 ssh2
Apr 24 19:02:47 klonk sshd[2360]: Failed password for invalid user db from 200.27.55.172 port 47846 ssh2
Apr 24 19:02:47 klonk sshd[5423]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:02:54 klonk sshd[27629]: Invalid user ahmed from 200.27.55.172
Apr 24 19:02:54 klonk sshd[1888]: input_userauth_request: invalid user ahmed
Apr 24 19:02:54 klonk sshd[1888]: Failed password for invalid user ahmed from 200.27.55.172 port 48258 ssh2
Apr 24 19:02:54 klonk sshd[27629]: Failed password for invalid user ahmed from 200.27.55.172 port 48258 ssh2
Apr 24 19:02:54 klonk sshd[1888]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:02:56 klonk sshd[5271]: Invalid user alan from 200.27.55.172
Apr 24 19:02:56 klonk sshd[22305]: input_userauth_request: invalid user alan
Apr 24 19:02:57 klonk sshd[22305]: Failed password for invalid user alan from 200.27.55.172 port 48763 ssh2
Apr 24 19:02:57 klonk sshd[5271]: Failed password for invalid user alan from 200.27.55.172 port 48763 ssh2
Apr 24 19:02:57 klonk sshd[22305]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:02:59 klonk sshd[4672]: Invalid user albert from 200.27.55.172
Apr 24 19:02:59 klonk sshd[1490]: input_userauth_request: invalid user albert
Apr 24 19:02:59 klonk sshd[1490]: Failed password for invalid user albert from 200.27.55.172 port 49186 ssh2
Apr 24 19:02:59 klonk sshd[4672]: Failed password for invalid user albert from 200.27.55.172 port 49186 ssh2
Apr 24 19:02:59 klonk sshd[1490]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:03:03 klonk sshd[3188]: Invalid user alberto from 200.27.55.172
Apr 24 19:03:03 klonk sshd[9376]: input_userauth_request: invalid user alberto
Apr 24 19:03:03 klonk sshd[9376]: Failed password for invalid user alberto from 200.27.55.172 port 49227 ssh2
Apr 24 19:03:03 klonk sshd[3188]: Failed password for invalid user alberto from 200.27.55.172 port 49227 ssh2
Apr 24 19:03:03 klonk sshd[9376]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:03:08 klonk sshd[25836]: Invalid user alex from 200.27.55.172
Apr 24 19:03:08 klonk sshd[28411]: input_userauth_request: invalid user alex
Apr 24 19:03:08 klonk sshd[28411]: Failed password for invalid user alex from 200.27.55.172 port 49675 ssh2
Apr 24 19:03:08 klonk sshd[25836]: Failed password for invalid user alex from 200.27.55.172 port 49675 ssh2
Apr 24 19:03:08 klonk sshd[28411]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:03:10 klonk sshd[21319]: Invalid user alfred from 200.27.55.172
Apr 24 19:03:10 klonk sshd[22953]: input_userauth_request: invalid user alfred
Apr 24 19:03:10 klonk sshd[22953]: Failed password for invalid user alfred from 200.27.55.172 port 50132 ssh2
Apr 24 19:03:10 klonk sshd[21319]: Failed password for invalid user alfred from 200.27.55.172 port 50132 ssh2
Apr 24 19:03:10 klonk sshd[22953]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:03:13 klonk sshd[29024]: Invalid user ali from 200.27.55.172
Apr 24 19:03:13 klonk sshd[31544]: input_userauth_request: invalid user ali
Apr 24 19:03:13 klonk sshd[31544]: Failed password for invalid user ali from 200.27.55.172 port 50176 ssh2
Apr 24 19:03:13 klonk sshd[29024]: Failed password for invalid user ali from 200.27.55.172 port 50176 ssh2
Apr 24 19:03:13 klonk sshd[31544]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:03:19 klonk sshd[1085]: Invalid user alice from 200.27.55.172
Apr 24 19:03:19 klonk sshd[21883]: input_userauth_request: invalid user alice
Apr 24 19:03:19 klonk sshd[21883]: Failed password for invalid user alice from 200.27.55.172 port 50603 ssh2
Apr 24 19:03:19 klonk sshd[1085]: Failed password for invalid user alice from 200.27.55.172 port 50603 ssh2
Apr 24 19:03:19 klonk sshd[21883]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:03:21 klonk sshd[15033]: Invalid user allan from 200.27.55.172
Apr 24 19:03:21 klonk sshd[31531]: input_userauth_request: invalid user allan
Apr 24 19:03:21 klonk sshd[31531]: Failed password for invalid user allan from 200.27.55.172 port 51080 ssh2
Apr 24 19:03:21 klonk sshd[15033]: Failed password for invalid user allan from 200.27.55.172 port 51080 ssh2
Apr 24 19:03:21 klonk sshd[31531]: Received disconnect from 200.27.55.172: 11: Bye Bye
Apr 24 19:03:31 klonk sshd[17045]: Connection closed by 200.27.55.172

So, I would like to know if it's usual to have this kind of stuff on your unix-compatible systems. Is this really common? Should I worry about it? Why does it look like somebody always wants to log in? (There is nothing important on that machine, it's just my personal server.) I looked in the older logs and there is a lot of other stuff like this, but they come from very different IP addresses all the time.
 

P0ldy

Senior member
Dec 13, 2004
I don't know what you're using the system for, but the easiest fix is to stop the ssh daemon if you don't need it. If you do, typically you could change the default port number and disallow remote root logins... but I see a few different ports there (and not standard '22'), so maybe it's an OpenBSD thing, never used it.
 

Missing Ghost

Senior member
Oct 31, 2005
Hmm, no, I cannot disable sshd since I use it so much.
Is there a way to disallow logins from a particular IP address if x unsuccessful login attempts happen in y minutes?
 

nweaver

Diamond Member
Jan 21, 2001

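# Record the source address of every new connection to port 22.
-A RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
# Log before dropping: a packet that hits DROP never reaches a later rule.
# --rcheck tests the list without updating it a second time.
-A RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 4 --name DEFAULT --rsource -j LOG --log-prefix "SSH Brute Force Attempt: "
# Drop the 4th and later new connections from one source within 60 seconds.
-A RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP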


is a rough script using iptables (Linux) to drop stuff like this. I don't think there is a way in SSH, but your firewall should be able to do this.

I would change to a nonstandard port, I used to get lots of attempts. I have had 0 in 2 years now that I have moved it up to the 2000+ range.
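
The "x unsuccessful attempts in y minutes" test from this exchange, run offline over authlog lines, as an added example that is not part of any poster's reply. It counts logged password failures per source in a sliding window (the iptables rules above count new connections instead); the function names and the sample lines, which use documentation addresses, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list sources with at least MAX failed
# SSH password attempts inside any WINDOW-second span of an authlog on stdin.
# Usage: ssh_bruteforce_sources MAX WINDOW < /var/log/authlog
# Output: one line per flagged source, "ADDRESS PEAK_IN_WINDOW TOTAL_FAILURES".
ssh_bruteforce_sources() {
    awk -v max="$1" -v win="$2" '
    BEGIN {
        # Days before each month (non-leap year); syslog lines carry no year.
        split("0 31 59 90 120 151 181 212 243 273 304 334", cum, " ")
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        for (i = 1; i <= 12; i++) before[name[i]] = cum[i]
    }
    / sshd\[[0-9]+\]: Failed password for / {
        # The user name is attacker-controlled, so read address and port
        # from the end of the line: "... from ADDR port PORT ssh2".
        if ($(NF - 4) != "from" || $(NF - 2) != "port") next
        ip = $(NF - 3); port = $(NF - 1)
        # With privilege separation each failure is logged by two PIDs;
        # count one event per timestamp + source + port.
        if (seen[$1, $2, $3, ip, port]++) next
        split($3, t, ":")
        now = (before[$1] + $2) * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
        total[ip]++
        stamp[ip, ++tail[ip]] = now
        if (!(ip in head)) head[ip] = 1
        # Slide the window: forget events older than WINDOW seconds.
        while (now - stamp[ip, head[ip]] > win) {
            delete stamp[ip, head[ip]]
            head[ip]++
        }
        inwin = tail[ip] - head[ip] + 1
        if (inwin > peak[ip]) peak[ip] = inwin
    }
    END {
        for (ip in peak)
            if (peak[ip] >= max) print ip, peak[ip], total[ip]
    }' | sort
}

# Constructed sample in the format of the log above (documentation addresses).
sample_authlog() {
    cat <<'EOF'
Apr 24 17:43:24 klonk sshd[24546]: Invalid user admin from 192.0.2.10
Apr 24 17:43:24 klonk sshd[14867]: Failed password for invalid user admin from 192.0.2.10 port 53654 ssh2
Apr 24 17:43:24 klonk sshd[24546]: Failed password for invalid user admin from 192.0.2.10 port 53654 ssh2
Apr 24 17:43:31 klonk sshd[5675]: Failed password for invalid user jack from 192.0.2.10 port 53771 ssh2
Apr 24 17:43:31 klonk sshd[10866]: Failed password for invalid user jack from 192.0.2.10 port 53771 ssh2
Apr 24 17:43:38 klonk sshd[7178]: Failed password for invalid user from from 192.0.2.10 port 53873 ssh2
Apr 24 17:43:44 klonk sshd[10307]: Failed password for invalid user test from 192.0.2.10 port 53970 ssh2
Apr 24 18:10:02 klonk sshd[4401]: Failed password for ghost from 198.51.100.7 port 40112 ssh2
Apr 24 18:10:02 klonk sshd[4402]: Failed password for ghost from 198.51.100.7 port 40112 ssh2
Apr 24 18:10:09 klonk sshd[4410]: Failed password for ghost from 198.51.100.7 port 40113 ssh2
Apr 24 18:10:09 klonk sshd[4411]: Failed password for ghost from 198.51.100.7 port 40113 ssh2
Apr 24 18:10:20 klonk sshd[4420]: Accepted password for ghost from 198.51.100.7 port 40114 ssh2
EOF
}

# 4 failures within 60 seconds: only the scanning source is reported.
sample_authlog | ssh_bruteforce_sources 4 60
```

Without the duplicate-line check, the two mistyped passwords from 198.51.100.7 would be counted as four failures and that source would be flagged as well.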
 

Missing Ghost

Senior member
Oct 31, 2005
So you think that inserting rules in the firewall is the best way to avoid this?
How would you do this with PF?
I don't want to change the standard port since it's more convenient like that.
 

P0ldy

Senior member
Dec 13, 2004
More convenient?

# ssh -p 313

Not a lot more difficult than that. You could even alias it so # sshs puts the command in for you.
 

phisrow

Golden Member
Sep 6, 2004
Disabling password logins and using a keypair is considered to be best, to avoid brute forcing.
 

phisrow

Golden Member
Sep 6, 2004
http://www1.physics.ox.ac.uk/help/ssh-key.html is a decent basic outline.

In essence, you generate a linked public/private pair of keys and send the public key to the server. Your possession of the private key then allows you to log in without a password. You can then shut off password logins altogether, which makes brute force attacks functionally impossible (before the end of the universe, at any rate).

http://openssh.org/manual.html is detailed information straight from the developers.

Be sure to keep your private key safe!
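
A check for the "shut off password logins altogether" step, as an added example that is not part of the post above or of OpenSSH: it reads an sshd_config and reports whether a client can still be prompted for a password. The function names and both sample configs are constructed; the defaults used are upstream OpenSSH's, and only the global section (before any Match block) is examined.

```shell
#!/bin/sh
# Added example (not from the thread): report which password-capable SSH
# authentication methods an sshd_config on stdin still leaves enabled.
# Prints one line per keyword: "<keyword> <effective value>".
sshd_password_methods() {
    awk '
    BEGIN {
        # Upstream OpenSSH defaults when a keyword is absent.
        val["passwordauthentication"] = "yes"
        val["kbdinteractiveauthentication"] = "yes"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
    { gsub(/=/, " "); key = tolower($1) }   # accept "Keyword=value" too
    key == "match" { exit }                 # audit the global section only
    # Older configs spell keyboard-interactive this way.
    key == "challengeresponseauthentication" { key = "kbdinteractiveauthentication" }
    # sshd keeps the first value it reads for a keyword.
    (key in val) && !(key in fixed) { val[key] = tolower($2); fixed[key] = 1 }
    END {
        print "passwordauthentication", val["passwordauthentication"]
        print "kbdinteractiveauthentication", val["kbdinteractiveauthentication"]
    }'
}

# Exit status 0 if a remote client can still be asked for a password.
# Keyboard-interactive counts: with PAM or BSD Auth it is usually just
# another password prompt, so it can be guessed against as well.
password_guessing_possible() {
    sshd_password_methods | grep -q ' yes$'
}

# Constructed sample: PasswordAuthentication is off, but keyboard-interactive
# is left at its default, so password guessing still works.
weak_config() {
    cat <<'EOF'
# constructed sample
PermitRootLogin no
PasswordAuthentication no
UsePAM yes
EOF
}

# Constructed sample: both password-capable methods are disabled.
hardened_config() {
    cat <<'EOF'
# constructed sample
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
}

weak_config | sshd_password_methods
hardened_config | sshd_password_methods
```

On a real server, feed it the live file with `sshd_password_methods < /etc/ssh/sshd_config`, and confirm a key login works in a second session before restarting sshd.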
 

scottws

Senior member
Oct 29, 2002
I tried to get the keypair working between my Debian Sarge box (OpenSSH server) and my Windows XP machine using the SSH Secure Shell client from ssh.com (not the for-pay Tectia client), and I just couldn't get it to work. It asks for my password every time. Trying to set the SSH Secure Shell client to only authenticate by Public Key (as opposed to my profile which allows PAM and keyboard-interactive as well) resulted in the server telling me that "no more methods of authentication are available."

No manner of key generation for RSA or DSA and uploading and renaming files could get around this conundrum.
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: scottws
I tried to get the keypair working between my Debian Sarge box (OpenSSH server) and my Windows XP machine using the SSH Secure Shell client from ssh.com (not the for-pay Tectia client), and I just couldn't get it to work. It asks for my password every time. Trying to set the SSH Secure Shell client to only authenticate by Public Key (as opposed to my profile which allows PAM and keyboard-interactive as well) resulted in the server telling me that "no more methods of authentication are available."

No manner of key generation for RSA or DSA and uploading and renaming files could get around this conundrum.

Make sure SSH.com's client can use OpenSSH keys, or vice versa. I know PuTTY use(s/d?) incompatible keys.

Try it with an OpenSSH server and an OpenSSH client.
 

scottws

Senior member
Oct 29, 2002
Originally posted by: n0cmonkey
Make sure SSH.com's client can use OpenSSH keys, or vice versa. I know PuTTY use(s/d?) incompatible keys.
I think you hit the nail on the head there. I've seen references mentioning that SSH Secure Shell and SSH Tectia Client don't use the same key signature as OpenSSH, and there were references to having to convert it. Unfortunately, I couldn't really find a definitive guide on how to do so.

The closest I got was for the Tectia Client, but it's not the same as the Secure Shell and I can't replicate it.