[WBEL-users] SSH Hack/Login attempts

Vincent.Raffensberger@dtn.com Vincent.Raffensberger@dtn.com
Sun, 8 Aug 2004 17:47:17 -0500



Take a look at the 'AllowGroups' and 'MaxStartups' options in sshd_config.

The AllowGroups is self-explanatory.

Here's the manpage info on MaxStartups:
             Specifies the maximum number of concurrent unauthenticated
             connections to the sshd daemon.  Additional connections will be
             dropped until authentication succeeds or the LoginGraceTime
             expires for a connection.  The default is 10.

             Alternatively, random early drop can be enabled by specifying
             the three colon separated values ``start:rate:full'' (e.g.,
             "10:30:60").  sshd will refuse connection attempts with a
             probability of ``rate/100'' (30%) if there are currently
             ``start'' (10) unauthenticated connections.  The probability
             increases linearly and all connection attempts are refused if
             the number of unauthenticated connections reaches ``full'' (60).

I apologize if this is a duplicate message.



"Jeff Maze" <maillists@crescentdigital.com>
Sent by: whitebox-users-admin@beau.org
08/08/2004 08:39 AM

To: <whitebox-users@beau.org>
cc:
Subject: [WBEL-users] SSH Hack/Login attempts

Hello,
        I was wondering if there's a way to block some user names/accounts
from attempting to be logged into via SSH.  Lately, over the last week or
so, I've seen a lot of login attempts via test, admin, and guest accounts.
I have the PermitRootLogin=No in the sshd_conf file but was wondering if I
add the above mentioned accounts, they won't even get a password prompt.
        Thanks..

Oh yea, there aren't admin, test, nor guest accounts created on the machine
but they keep trying to use them to login.



_______________________________________________
Whitebox-users mailing list
Whitebox-users@beau.org
http://beau.org/mailman/listinfo/whitebox-users
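
The random early drop rule quoted from the man page above, worked through in Python as an added example (not part of either message and not sshd's own code). The sample config, the group name "sshusers" and the function names are assumptions made for illustration.

```python
# Added example: models the MaxStartups text quoted above; not sshd source code.

# Constructed sample config (the group name "sshusers" is a placeholder).
SAMPLE_CONFIG = """\
# sshd_config excerpt
PermitRootLogin no
AllowGroups sshusers
MaxStartups 10:30:60
"""

def max_startups_from_config(text, default="10"):
    """Return the first MaxStartups value in sshd_config text, else the
    default of 10 given in the man page quoted in the message."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].lower() == "maxstartups" and len(fields) == 2:
            return fields[1]
    return default

def parse_max_startups(value):
    """Turn 'N' or 'start:rate:full' into a (start, rate, full) tuple."""
    parts = [int(p) for p in value.split(":")]
    if len(parts) == 1:
        # Plain limit: nothing is refused below N, everything at N or above.
        return parts[0], 100, parts[0]
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full, got %r" % value)
    start, rate, full = parts
    # Sanity check added for this example: rate is a percentage, start <= full.
    if not 1 <= rate <= 100 or start > full:
        raise ValueError("inconsistent MaxStartups value %r" % value)
    return start, rate, full

def refusal_percent(spec, unauthenticated):
    """Percent chance a new connection is refused at the given load."""
    start, rate, full = spec
    if unauthenticated < start:
        return 0
    if unauthenticated >= full:
        return 100
    # Linear ramp from rate% at 'start' up to 100% at 'full'.
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)

if __name__ == "__main__":
    spec = parse_max_startups(max_startups_from_config(SAMPLE_CONFIG))
    for n in (5, 10, 20, 35, 50, 60):
        print("%2d unauthenticated -> %3d%% refused" % (n, refusal_percent(spec, n)))
```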

