The following was played up for me in real time right as I issued tail -f /var/log/auth.log.
Nov 13 16:07:54 raspberrypi sshd[2741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.123.126.242 user=root
Nov 13 16:07:56 raspberrypi sshd[2741]: Failed password for root from 109.123.126.242 port 49590 ssh2
Nov 13 16:07:56 raspberrypi sshd[2741]: Received disconnect from 109.123.126.242: 11: Bye Bye [preauth]
Nov 13 16:07:56 raspberrypi sshd[2743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.123.126.242 user=root
Nov 13 16:07:58 raspberrypi sshd[2743]: Failed password for root from 109.123.126.242 port 50959 ssh2
Nov 13 16:07:58 raspberrypi sshd[2743]: Received disconnect from 109.123.126.242: 11: Bye Bye [preauth]
Nov 13 16:07:59 raspberrypi sshd[2745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.123.126.242 user=root
Nov 13 16:08:01 raspberrypi sshd[2745]: Failed password for root from 109.123.126.242 port 52230 ssh2
Nov 13 16:08:01 raspberrypi sshd[2745]: Received disconnect from 109.123.126.242: 11: Bye Bye [preauth]
Nov 13 16:08:02 raspberrypi sshd[2747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.123.126.242 user=root
Nov 13 16:08:03 raspberrypi sshd[2747]: Failed password for root from 109.123.126.242 port 53781 ssh2
Nov 13 16:08:03 raspberrypi sshd[2747]: Received disconnect from 109.123.126.242: 11: Bye Bye [preauth]

Again and again...
So, I thought it was best to disable password authentication, which is done by setting these two options in /etc/ssh/sshd_config.

PasswordAuthentication no
ChallengeResponseAuthentication no
In addition, something like https://wiki.debian.org/HOWTO/DynamicBlockSSHddos would be nice.
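
To show how the pattern in the log above can be detected before deciding what to block, here is an added example (not code from this post or from the linked Debian wiki page) that counts "Failed password" lines per source address inside a sliding time window. The function name, threshold, window and the last sample line (from the documentation address 192.0.2.10) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd "Failed password" lines in the syslog format shown in the post.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Lines 1-6 are taken from the post; the last line is constructed for contrast.
SAMPLE = """\
Nov 13 16:07:56 raspberrypi sshd[2741]: Failed password for root from 109.123.126.242 port 49590 ssh2
Nov 13 16:07:56 raspberrypi sshd[2741]: Received disconnect from 109.123.126.242: 11: Bye Bye [preauth]
Nov 13 16:07:58 raspberrypi sshd[2743]: Failed password for root from 109.123.126.242 port 50959 ssh2
Nov 13 16:07:59 raspberrypi sshd[2745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.123.126.242 user=root
Nov 13 16:08:01 raspberrypi sshd[2745]: Failed password for root from 109.123.126.242 port 52230 ssh2
Nov 13 16:08:03 raspberrypi sshd[2747]: Failed password for root from 109.123.126.242 port 53781 ssh2
Nov 13 16:08:10 raspberrypi sshd[2750]: Failed password for invalid user admin from 192.0.2.10 port 40000 ssh2
"""

def brute_force_sources(lines, threshold=3, window=timedelta(seconds=60), year=2000):
    """Return {ip: most failures seen inside one window} for IPs reaching threshold.

    Syslog timestamps carry no year, so `year` is an assumption set by the caller.
    """
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    worst = defaultdict(int)     # ip -> highest count observed inside one window
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue             # pam_unix and disconnect lines are not counted
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        worst[m["ip"]] = max(worst[m["ip"]], len(q))
    return {ip: n for ip, n in worst.items() if n >= threshold}

if __name__ == "__main__":
    for ip, count in brute_force_sources(SAMPLE.splitlines()).items():
        print(f"{ip}: {count} failed passwords within 60s")
```

Counting only the "Failed password" lines avoids double-counting, since each attempt in this log also produces a pam_unix line and a disconnect line.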