Re: [LAD] [ot] - NEED some security advise PLEASE!

From: pete shorthose <zenadsl6252@email-addr-hidden>
Date: Sun Feb 15 2009 - 03:14:49 EET

On Sun, 15 Feb 2009 00:43:17 +0100
Fons Adriaensen <fons@email-addr-hidden> wrote:

> On Sat, Feb 14, 2009 at 11:55:13PM +0100, Julien Claassen wrote:
>
> > 8226 ? Ss 0:00 sshd: unknown [priv]
> > 8227 ? S 0:00 sshd: unknown [net]
>
> > Just before that I only saw "sshd [accept]" and "sshd [net]".
> > Shutdown sshd and made new password and restarted sshd. Now it's the same.
> > Can I easily check where it's coming from and what it's doing? I don't see
> > anything besides those two lines. No other strange processes.
>
> Someone is trying a ssh login - usually from the former
> east block - and probably trying a list of user names
> and passwords. Do (as root) tail -50 /var/log/secure
> to see the show.
>
> It happens here all the time. As long as you don't have
> any easily guessed user/passwd combinations the danger
> is limited, and closing your network connection for a
> minute usually makes them go away. Configuring sshd to
> allow only dsa authentication is better of course.

I changed the port sshd runs on because I got sick of the
clickety click as logs were written due to brute force login
attempts. Not an option for everyone but it did the trick
nicely for me. Port knocking is another option.

pete.
Received on Sun Feb 15 04:15:03 2009
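
The `tail -50 /var/log/secure` check suggested in the quoted reply, turned into a per-source summary of password guessing. This is an added example, not part of the original thread; the log lines, host name, addresses (documentation ranges) and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the syslog format sshd writes to /var/log/secure.
SAMPLE_LOG = """\
Feb 14 23:50:01 host sshd[8226]: Invalid user admin from 203.0.113.5
Feb 14 23:50:03 host sshd[8226]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Feb 14 23:50:07 host sshd[8230]: Failed password for root from 203.0.113.5 port 40150 ssh2
Feb 14 23:50:11 host sshd[8234]: Failed password for invalid user test from 203.0.113.5 port 40188 ssh2
Feb 14 23:52:40 host sshd[8301]: Failed password for julien from 192.0.2.10 port 51522 ssh2
Feb 14 23:52:48 host sshd[8301]: Accepted password for julien from 192.0.2.10 port 51522 ssh2
"""

# The user name in a failure line is text chosen by the remote side, so the
# source address is taken from the end of the line, not the first " from ".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2\s*$")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+")

def summarize(lines, threshold=3):
    """Return (suspects, breached): names tried per guessing source, and
    accounts that source also logged in to successfully."""
    failures = Counter()
    users = defaultdict(set)
    accepted = defaultdict(set)
    for line in lines:
        m = FAILED.search(line)
        if m:
            failures[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted[m["ip"]].add(m["user"])
    suspects = {ip: sorted(users[ip])
                for ip, n in failures.items() if n >= threshold}
    # A successful login from a guessing source is what to investigate first.
    breached = {ip: sorted(accepted[ip]) for ip in suspects if ip in accepted}
    return suspects, breached

if __name__ == "__main__":
    suspects, breached = summarize(SAMPLE_LOG.splitlines())
    for ip, names in suspects.items():
        print(f"{ip}: tried {', '.join(names)}")
    print("logins after guessing:", breached or "none")
```

On a real host, pass the lines of `/var/log/secure` (read as root) to `summarize` in place of the sample.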
