Enhancing Security: Combatting Automated SSH Attacks on Linux

As many systems administrators will tell you, attacks from automated login scripts specifically targeting common account names with weak passwords have become a substantial threat to system security, especially via SSH (a popular program that allows remote users to log in to a Linux computer and execute commands locally). Here are some common-sense rules to follow that can greatly improve security, as well as several scripts to cut down on the computing resources wasted by these attacks.

Brute-force attackers use so-called dictionary attacks, attempting many different login/password combinations in an attempt to hit on one that matches. In most cases, these scripts use a pre-programmed "dictionary" of often-used account names (such as www, admin, test, or guest). These scripts then attempt common passwords (often just the name of the account or an empty string). When one attempt fails, the script continues on, attempting other entries in its dictionary, until it has exhausted every pair (which can total hundreds of login attempts).

The link for this article located at Linux.com is no longer available.