Anybody getting ssh bruce force attacks?

Shane Shields shane.shields at
Sun Nov 20 23:14:32 PST 2005

Gerard Beekmans wrote:

> Hey guys,
> Just wondering who else has been getting these. I have a /24 IP space 
> that seems to be targeted lately for sshd bruce force attacks. I can't 
> seem to keep up with firewalling the bad guys out. Luckily there's no 
> such thing as weak passwords on the servers I have access to, so all 
> should be well. For now anyway. It's just annoying.
> Yeah I could block all access to port 22 and only allow a select few 
> IP addresses access but this makes things cumbersome when I try to 
> login to my machine when I'm out of town.
> The only maybe way around this is create a web app where I can input 
> IP addresses that can SSH and some cronjob to check for changes and 
> update the firewall accordingly.
> Does anybody have other ideas? I'd like to keep ssh open for 
> convenience reasons. It'd really suck if I block the world, am out of 
> town, get an emergency call for work, and "oops I can't login until 
> I'm home again which will be in a few days. Sorry boss, you'll just 
> have to live with the downed service until then." That's not going to 
> go over very well.
These type of attacks are on the rise and both my machine and works 
servers are targeted every day. If you have strong passwords then there 
is not too much to worry about. There are several blockers out on the 
net that are quite good. If you search for them on google you will get 
several straight off. I dont have the names in my head atm, sorry. 
Another thing you can do is go over your sshd_config file with a fine 
toothed comb and disable root login, allow only you as a user (assuming 
that just you will be logging in) and set your MaxStartups to 3/75/10


Shane Shields

Registered LFS Compiler: 7582
To drink the WINE of success you must first seek the sayings of source

Anyone sending unwanted advertising e-mail to this address will be charged $25 for network traffic and computing time. By extracting my address from this message or its header, you agree to these terms.

More information about the lfs-support mailing list