Thank you to all who replied. (There were several dozen.)
If I had to name everyone, there would not be room on this page! This
list is great.
Solution #1) Change the port number in sshd_config to something obscure.
Solution #2) Edit the sshd_config file, and include or create this
entry: MaxAuthTries 3
- this forces a disconnect after two unsuccessful tries.
---------------------------------------------------------------------------------
Original post: Every day I get some script kiddie or adult trying to
guess usernames or passwords.
I've installed the newest version of SSH, so I'm covered there. But I
still get a dozen or 2 of the
"sshd Invalid user somename from ###.##.##.###" "input_userauth_request:
invalid user somename"
"Failed password for invalid user somename" "Received disconnect from
###.##.##.###"
Someone told me to add a 'block in quick on $net inet proto {tcp,udp}
from ###.##.##.### to any flags S/SA'
entry in my pf.conf file. But if I had to do that for every hacker my
pf.conf would be huge!
There's got to be a better way, and I'm open to suggestions.
John F. Marten III
Information Technology Specialist
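
Added example (not part of the original message): a small Python tally of the sshd messages quoted in the post, grouped by source address, so that a handful of guessing hosts can be told apart from a local user who mistyped a password. The log lines, addresses (documentation ranges), function names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style quoted in the post.
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[4021]: Invalid user admin from 203.0.113.7
Jan 10 03:14:01 host sshd[4021]: input_userauth_request: invalid user admin
Jan 10 03:14:03 host sshd[4021]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 10 03:14:05 host sshd[4024]: Invalid user test from 203.0.113.7
Jan 10 03:14:07 host sshd[4024]: Failed password for invalid user test from 203.0.113.7 port 40118 ssh2
Jan 10 03:14:09 host sshd[4027]: Failed password for root from 203.0.113.7 port 40121 ssh2
Jan 10 03:14:09 host sshd[4027]: Received disconnect from 203.0.113.7: 11: Bye Bye
Jan 10 08:30:12 host sshd[5100]: Failed password for john from 198.51.100.23 port 50022 ssh2
Jan 10 08:30:20 host sshd[5100]: Accepted password for john from 198.51.100.23 port 50022 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
INVALID = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)")

def summarize(log_text):
    """Return {source: {"failures": n, "users": set_of_names_tried}}."""
    stats = defaultdict(lambda: {"failures": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            stats[src]["failures"] += 1
            stats[src]["users"].add(user)
            continue
        m = INVALID.search(line)
        if m:
            # Name probe only; the failure itself is counted on the
            # matching "Failed password" line, so do not double count.
            user, src = m.groups()
            stats[src]["users"].add(user)
    return dict(stats)

def guessers(log_text, min_failures=3, min_users=2):
    """Sources with repeated failures spread over several usernames."""
    return sorted(src for src, s in summarize(log_text).items()
                  if s["failures"] >= min_failures and len(s["users"]) >= min_users)

if __name__ == "__main__":
    for src in guessers(SAMPLE_LOG):
        print(src, summarize(SAMPLE_LOG)[src])
```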