Attacks on server on ssh-daemon
I detected in the log files of my server, that hundrets of failed login-attempts for the user root are made every day.
This attempts should be reduced and the likelihood of an successfull attempt minimized.
Taggings:
- Log in to post comments
1 answer
Prevent brute-force attack on server with ssh-daemon
If your ssh-server is reachable from the web you have to be careful.
There are many automated bots which are searching for open ports on your server and try to connect to your ssh-server with brute-force attacks.
Almost every attempt from bots is made with the username root because it is the admin user on almost every linux-server on the internet.
One attempt is to prevent successful logins from bots is to create a new user and add it to the sudoers file (/etc/sudoers).
This user is then able to get root-privileges.
If you have testet to connect with this new user over ssh and get root-privs you can set the flag "enable-root-login" at the ssh-server config to false.
Now the root user is not able to connect per ssh to the server.
- Log in to post comments