Dictionary Attack
Sunday, November 23rd, 2008If you’re running an SSH server on a machine exposed to the Big Bad Internet, it is best to disable password authentication. Public-key authentication is a far safer option. Here’s a typical snippet of my server logs that explains why:
Nov 20 10:24:01 [sshd] Invalid user backup from 203.239.105.2
Nov 20 10:24:03 [sshd] Invalid user info from 203.239.105.2
Nov 20 10:24:04 [sshd] Invalid user shop from 203.239.105.2
Nov 20 10:24:06 [sshd] Invalid user sales from 203.239.105.2
Nov 20 10:24:07 [sshd] Invalid user web from 203.239.105.2
Nov 20 10:24:09 [sshd] Invalid user www from 203.239.105.2
Nov 20 10:24:11 [sshd] Invalid user wwwrun from 203.239.105.2
Nov 20 10:24:12 [sshd] Invalid user adam from 203.239.105.2
Nov 20 10:24:14 [sshd] Invalid user stephen from 203.239.105.2
Nov 20 10:24:15 [sshd] Invalid user richard from 203.239.105.2
Nov 20 10:24:17 [sshd] Invalid user george from 203.239.105.2
Nov 20 10:24:19 [sshd] Invalid user michael from 203.239.105.2
Nov 20 10:24:20 [sshd] Invalid user john from 203.239.105.2
Nov 20 10:24:22 [sshd] Invalid user david from 203.239.105.2
Nov 20 10:24:23 [sshd] Invalid user paul from 203.239.105.2
Nov 20 10:24:27 [sshd] Invalid user angel from 203.239.105.2
Nov 20 10:24:30 [sshd] Invalid user pgsql from 203.239.105.2
