[conspire] Ongoing dictionary attacks on SSH daemons

[Rick Moen]

Bill Moseley <moseley at hank.org> wrote:

> So where are these attacks coming from? I've just assumed they are
> owned machines sending out bulk attempts so haven't tried to track
> them down.

I figure yes.  I looked up the one I quoted, at the time, and it seemed
to be coming from a desktop box somewhere in Europe.  (I forget which 
country, but I think Daniel posted it.)

> I've disabled only root login.  I'd like to keep password access for
> other accounts as I don't always have my private key.  Been thinking
> more about port knocking lately.  Every set that up?

No, I haven't, but it's definitely a trick worth considering.

I'm not really worried about dictionary attacks succeeding against
accounts where *I* determine the passwords, since mine are about as
close to random maximum-length strings as possible.  I worry a bit about
some of my users, though.

http://linuxmafia.com/~rick/lexicon.html#moenslaw-security2

;->