[TriLUG] Failed logins
brian at strutmasters.com
Fri Sep 2 10:14:19 EDT 2005
I usually set sshd to not allow root logins. Doesn't really make you
any safer in of itself, of course (unless you also control who has
access to the su or sudo commands, for example), but it was presented to
me as a sort of best-practice. This is done by setting
"PermitRootLogin" to "no" in /etc/ssh/sshd_config (on a RH
system...can't speak for others necessarily).
You also may wish to consider, if it's feasable for your situation, to
limit sshd connections to certain IP addresses or ranges, such as by
using tcpwrappers (/etc/hosts.allow, /etc/hosts.deny) or iptables. Of
course, that's not a very scalable tactic, and is no good if you can't
always predict where you'll be when you need the ssh access..
Lisa Boyd wrote:
> I've been checking my Logwatch files and have noticed some failed
> logins for root listed under sshd. I assume someone is trying to break
> into my server, but is this something to seriously worry about?
> Considering my root password is not a dictionary word ;)
> Lisa B.
More information about the TriLUG