Skip to content →

Block unauthorized ssh login attempts (attacks)

My friends and I am working on a hobby project and  we need a Git server, so I set up one on my MacBook Pro. We access the repository via SSH. However when I checked the ssh log I found someone trying to get ssh access to my machine by guessing usernames. The log looks as follows:

Jun 29 21:06:52 doh1 sshd[19400]: Invalid user postgres from 190.181.132.70
Jun 29 21:06:52 doh1 sshd[19401]: input_userauth_request: invalid user postgres
Jun 29 21:06:52 doh1 sshd[19401]: Received disconnect from 190.181.132.70: 11: Bye Bye
Jun 29 21:06:54 doh1 sshd[19402]: reverse mapping checking getaddrinfo for wimax132-70.yota.com.ni [190.181.132.70] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 29 21:06:54 doh1 sshd[19403]: Received disconnect from 190.181.132.70: 11: Bye Bye
Jun 29 21:06:55 doh1 sshd[19405]: reverse mapping checking getaddrinfo for wimax132-70.yota.com.ni [190.181.132.70] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 29 21:06:55 doh1 sshd[19405]: Invalid user backup from 190.181.132.70
Jun 29 21:06:55 doh1 sshd[19406]: input_userauth_request: invalid user backup
Jun 29 21:06:56 doh1 sshd[19406]: Received disconnect from 190.181.132.70: 11: Bye Bye
Jun 29 21:06:57 doh1 sshd[19407]: reverse mapping checking getaddrinfo for wimax132-70.yota.com.ni [190.181.132.70] failed - POSSIBLE BREAK-IN ATTEMPT!

I first tried to use DenyHosts, however, there are still attempts from other IP addresses. Since there are three of us accessing the repository, I configured the hosts.allow and hosts.deny manually: deny all hosts other than the IP addresses I trust.

hosts.deny:

~$ cat /etc/hosts.deny 
sshd: ALL

hosts.allow:

~$ cat /etc/hosts.allow
sshd: [The IP addresses you allow to connect via SSH]
ALL: localhost

Now the log file should be quite…

Published in Miscellaneous

Comments

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.