I want to be able to ssh into my server at home so I enabled port forwarding on my router. And, of course, the very next day there is some a**hole's bot out there trying to brut force there way in as root ...
Sep 29 06:50:28 localhost sshd[14292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.151.36.14 user=root
Sep 29 06:50:30 localhost sshd[14292]: Failed password for root from 12.151.36.14 port 50017 ssh2
Sep 29 06:50:30 localhost sshd[14293]: Received disconnect from 12.151.36.14: 11: Bye Bye
Sep 29 06:50:30 localhost sshd[14295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.151.36.14 user=root
Sep 29 06:50:32 localhost sshd[14295]: Failed password for root from 12.151.36.14 port 51098 ssh2
Sep 29 06:50:32 localhost sshd[14296]: Received disconnect from 12.151.36.14: 11: Bye Bye
Best thing to do is disallow ssh access as root like so ...
[red@localhost ssh]$ cd
[red@localhost ~]$ cd /etc/ssh/
[red@localhost ssh]$ sudo cp sshd_config sshd_config.orig
[red@localhost ssh]$ sudo vim sshd_config
[red@localhost ssh]$ sudo diff sshd_config sshd_config.orig
39c39
< PermitRootLogin no
---
> #PermitRootLogin yes
[plankton@localhost ssh]$ sudo /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
[red@localhost ssh]$
No comments:
Post a Comment