Message
Potential SSH Brute Force Attack
Summary
This event is generated when an attacker attempts to login to an SSH server by guessing usernames and passwords.
Detailed Information
By default, access to the SSH server from the Internet is blocked by the firewall. If you decide to open SSH on the firewall, make sure you follow these guidelines:
- Use a good password for accounts using shell access
- Do not give shell access to regular users
- If you do need to grant shell access to an end user, make sure they are also using a good password
- Use key-based authentication (see link below)
content/en_us/ssh_brute_force_attack.txt · Last modified: 2014/08/27 04:13 (external edit)