[nycphp-talk] [OT] SSH security question

csnyder chsnyder at
Sat Apr 30 22:33:13 EDT 2005

On 4/30/05, David Mintz <dmintz at> wrote:
> Is it normal to get attacked like this just about every day?

Apparently it's not considered an "attack" if it's only a few (I'm
guessing 20? 30?) probes a day. The chances of a lucky guess if you
enforce decent passwords are pretty slim at those numbers.

Even if it's not an attack, it's an annoyance. It feels... dirty to
see all those usernames in your logs.

Solutions I've seen range from ignoring them to using keys only (no
passwords) to crafting a dynamic firewall (a la portsentry) -- 6
failed logins and your IP is blocked for 20 minutes, or longer. Make
sure you can whitelist your own IP address. You don't want to be
locked out by somebody else borrowing your address.
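
The threshold-and-timeout idea from the post above, as an added example that is not part of the original message or of portsentry: it reads sshd "Failed password" lines and returns which addresses to block and until when, leaving the firewall call itself out. The 10-minute counting window, the syslog year and all addresses and log lines are constructed assumptions; the 6-failure limit, 20-minute block and whitelist come from the post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 6                    # from the post: 6 failed logins
BLOCK_FOR = timedelta(minutes=20)   # from the post: blocked for 20 minutes
WINDOW = timedelta(minutes=10)      # assumption: the post names no counting window
ALLOWLIST = {"198.51.100.10"}       # constructed: your own address, never blocked

FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+")

def parse(line, year=2005):
    """Return (timestamp, ip) for a failed-password line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    # syslog timestamps carry no year, so one is supplied (assumption)
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def decide_blocks(lines):
    """Return [(ip, blocked_at, unblock_at)] in log order."""
    recent, blocked_until, blocks = defaultdict(deque), {}, []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, ip = parsed
        if ip in ALLOWLIST:
            continue                          # never lock yourself out
        if blocked_until.get(ip, ts) > ts:
            continue                          # block still active
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:             # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            blocked_until[ip] = ts + BLOCK_FOR
            blocks.append((ip, ts, ts + BLOCK_FOR))
            q.clear()
    return blocks

def _fail(hms, user, ip):                     # builds one constructed log line
    return f"Apr 30 {hms} host sshd[2101]: Failed password for {user} from {ip} port 40022 ssh2"

SAMPLE = ([_fail(f"22:01:{s:02d}", "invalid user admin", "203.0.113.7") for s in range(0, 60, 10)]
          + [_fail("22:02:00", "root", "203.0.113.7")]                        # during the block
          + [_fail(f"22:03:{s:02d}", "root", "198.51.100.10") for s in range(0, 40, 5)]  # allowlisted
          + [_fail("22:04:00", "root", "192.0.2.44"), _fail("22:04:05", "root", "192.0.2.44")]
          + ["Apr 30 22:05:00 host sshd[2101]: Accepted publickey for alice from 198.51.100.10 port 40022 ssh2"])
```

`decide_blocks(SAMPLE)` yields a single block for 203.0.113.7; the allowlisted address is skipped despite eight failures, and 192.0.2.44 stays under the limit.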
