From: "26C.Z969" <26C.Z969@noaada.net>
Newsgroups: comp.os.linux.misc
Subject: Re: Is It Time To Replace SSH ???
Date: Mon, 26 Dec 2022 01:14:19 -0500

On 12/23/22 11:26 PM, Andreas Kohlbach wrote:
> On Fri, 23 Dec 2022 22:36:50 -0500, 26C.Z969 wrote:
>>
>> On 12/17/22 10:30 AM, David W. Hodgins wrote:
>>
>>> When you get a few dozen hits per minute, it doesn't take a week to
>>> use a lot of log space. Rotating more often will mean info will be
>>> removed sooner too.
>>> Granted, disk drive space has come down in price a lot since I ran
>>> into the issue and switched to using a custom port, but there are
>>> also new systems such as raspberry pi, that normally run from an sd
>>> card, which limits the drive size.
>>
>> I've writ a number of special-purpose apps for PIs, but
>> yes, the space issue requires a lot of thought. You CAN
>> attach a USB SSD or even an efficient USB HD (have a 3tb
>> one attached to one Pi)
>
> "pi" also seems to be a famous username for trying to get into a
> computer, as I can see in my logs.

The recent Raspbian incarnations allow you to set the default
user name during install, even encourage you NOT to use "pi".
Of course "pi" is perfectly good IF you use a decent PW.

For SSH, set very low limits on tries from one IP and on
parallel login threads. I doubt you need to use a PI to
handle all commercial internet traffic so you can be very
anal about that stuff.

> | 2022-12-23T03:06:33.815375-05:00 localhost sshd[22509]: Failed password for invalid user pi from 89.109.32.143 port 24603 ssh2
>
> Got tons of these, next to "admin".
>
> Recently I allowed the scammers "SSH access" again. Not limiting it to
> 192.168.0.0 anymore, to get some log entries.

Experiments CAN be enlightening :-)

Every so often I set firewall rule #1 to allow all - and
log it. Just for five minutes or so of course. The results
can be, well, "interesting" ...

> Btw. the IP attempting from in this extract is from Russia. Could be a
> hacked computer though.

"admin" is the other common 'default' (sometimes irreplaceable)
user name on zillions of devices and apps. Again, use a decent
PW or even more and you'll be OK.
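An added example, not part of the original post: the per-IP counting that a "very low limit on tries from one IP" relies on, run over sshd lines in the format quoted above. The function names, thresholds and sample lines are assumptions made for this illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Same shape as the sshd line quoted in the post. The user name is chosen by the
# remote side, so it is matched greedily and the pattern is anchored at the end:
# the IP captured is the last "from <ip> port <n>" on the line, the one sshd wrote.
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

def parse_failures(lines):
    """Yield (timestamp, user, ip) for every failed-password line."""
    for line in lines:
        m = FAILED.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["ip"]

def usernames_tried(lines):
    """Count the account names that were guessed."""
    return Counter(user for _, user, _ in parse_failures(lines))

def noisy_sources(lines, max_tries=3, window=timedelta(minutes=10)):
    """Map each IP with more than max_tries failures in one window to its peak count."""
    by_ip = defaultdict(list)
    for ts, _, ip in parse_failures(lines):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # slide the window start forward past stale entries
            hits = end - start + 1
            if hits > max_tries:
                flagged[ip] = max(flagged.get(ip, 0), hits)
    return flagged

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE = [
    "2022-12-23T03:06:33.815375-05:00 localhost sshd[22509]: Failed password for invalid user pi from 203.0.113.7 port 24603 ssh2",
    "2022-12-23T03:06:36.101010-05:00 localhost sshd[22511]: Failed password for invalid user admin from 203.0.113.7 port 24610 ssh2",
    "2022-12-23T03:06:39.202020-05:00 localhost sshd[22513]: Failed password for invalid user pi from 203.0.113.7 port 24622 ssh2",
    "2022-12-23T03:06:42.303030-05:00 localhost sshd[22515]: Failed password for root from 203.0.113.7 port 24631 ssh2",
    "2022-12-23T03:20:00.000000-05:00 localhost sshd[22600]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 198.51.100.20 port 40000 ssh2",
    "2022-12-23T03:21:00.000000-05:00 localhost sshd[22601]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2",
]
print(usernames_tried(SAMPLE).most_common(3), noisy_sources(SAMPLE))
```

The fifth sample line carries a fake "from ... port ..." inside the user name; the end-anchored pattern still attributes it to 198.51.100.20, so a count-based block would not be steered onto the address embedded in the name.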