mrflash818 (mrflash818) wrote in debian,

sshd protection - advice desired

Following SGVLUG presentation on ssh tricks, I set up an sshd server instance
on my debian workstation, using public key auth, and was able to be

I made sure to disable root login, and any password login attempts by
modifying sshd_config.

In the hour I was testing the new wonder, I was also tailing my auth log.

To my chagrin, in the two times I tested, I had many attempts to access my

Oct 18 01:59:55 pip sshd[26361]: Invalid user oracle from
Oct 18 02:00:02 pip sshd[26367]: Invalid user test from
Oct 18 02:08:34 pip sshd[26596]: Invalid user test from
Oct 18 02:08:42 pip sshd[26599]: Invalid user test from
Oct 18 03:12:02 pip sshd[27000]: Invalid user oracle from
Oct 18 03:12:09 pip sshd[27003]: Invalid user test from
Oct 18 10:48:01 pip sshd[27953]: Invalid user peter from
Oct 18 10:48:07 pip sshd[27956]: Invalid user peter from
Oct 18 10:48:13 pip sshd[27958]: Invalid user sergei from
Oct 18 10:48:19 pip sshd[27960]: User root from not allowed because not listed in AllowUsers

So, I am hoping I could get advice or suggestions on what further
protections I could add (if any).
- I don't think static firewall rules would help, as I am hoping to ssh
into my box from anywhere
- I am guessing there is a way to have automation block or slow down
attempts if they begin to seem suspicious.

I am no sysadmin, but looks like I am gonna have to learn some sysadmin-ish stuff
if I want to prevent my system from getting compromised. That, or admit I am over my head, and abandon
trying to be able to ssh into my box and do stuff from the outside world.