Date: Mon, 3 Oct 2005 12:48:21 -0400 From: Garrett Wollman <wollman@csail.mit.edu> To: Clemens Renner <claim@rinux.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Repeated attacks via SSH Message-ID: <17217.24789.489670.458355@khavrinen.csail.mit.edu> In-Reply-To: <43410F51.5010607@rinux.net> References: <6.2.3.4.2.20051002153930.07a50528@localhost> <20051003145046.A30969@plexi.pun-pun.prv> <43410F51.5010607@rinux.net>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Mon, 03 Oct 2005 13:00:33 +0200, Clemens Renner <claim@rinux.net> said: > Failed password for illegal user qscand from 217.20.119.212 port 50657 ssh2 I modified my version of /etc/periodic/security/800.loginfail to filter out all the "illegal user" messages from sshd; otherwise I would be getting about 24,000 lines of crap a night in my security report (3,000 attempts per host times eight hosts). Since all of the machines I care about have very limited access, I don't lose anything by not overwhelming my security mail with unimportant failures. I also aggressively use AllowUsers/AllowGroups in sshd_config to limit exposure even more. (That way, I don't have to see all the failures for "www" and "pgsql" as well.) -GAWollman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17217.24789.489670.458355>