How to secure the SSHD daemon?

Solution Verified - Updated -

Issue

  • Some system administrators have noticed attackers attempting to log in over SSH with common usernames and passwords. Entries similar to the following may appear in /var/log/secure for many common usernames (such as "admin", "guest", "test", and "root"):
        Oct 28 11:11:08 hostname sshd[13412]: Illegal user admin from 172.16.59.10
        Oct 28 11:11:12 hostname sshd[13412]: Failed password for illegal user admin from 172.16.59.10 port 33762 ssh2
  • Repeated attempts may be indicative of an attacker trying to guess the password to a particular account, especially the root account, by "brute force". A brute force attack is one where the password is repeatedly guessed until the correct one is found.
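
The log pattern described above can be summarized per source address. The following is an added example, not part of the original article: the sample lines are constructed in the format shown above, the function names and thresholds are assumptions, and the pattern also accepts the "invalid user" wording that newer OpenSSH releases log in place of "illegal user".

```python
import re
from collections import defaultdict

# Matches the sshd "Failed password" lines shown above, with or without
# the "illegal user" / "invalid user" prefix (the latter for newer OpenSSH).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample in /var/log/secure format (not real log data).
SAMPLE_LOG = """\
Oct 28 11:11:08 hostname sshd[13412]: Illegal user admin from 172.16.59.10
Oct 28 11:11:12 hostname sshd[13412]: Failed password for illegal user admin from 172.16.59.10 port 33762 ssh2
Oct 28 11:11:15 hostname sshd[13415]: Failed password for illegal user guest from 172.16.59.10 port 33764 ssh2
Oct 28 11:11:19 hostname sshd[13418]: Failed password for illegal user test from 172.16.59.10 port 33766 ssh2
Oct 28 11:11:23 hostname sshd[13421]: Failed password for root from 172.16.59.10 port 33768 ssh2
Oct 28 11:12:40 hostname sshd[13430]: Failed password for alice from 192.168.7.21 port 40112 ssh2
Oct 28 11:12:44 hostname sshd[13430]: Accepted password for alice from 192.168.7.21 port 40112 ssh2
"""

def summarize_failures(lines):
    """Return {ip: {"count": n, "users": set}} for failed password attempts."""
    stats = defaultdict(lambda: {"count": 0, "users": set()})
    for line in lines:
        m = FAILED.search(line)
        if m:
            entry = stats[m.group("ip")]
            entry["count"] += 1
            entry["users"].add(m.group("user"))
    return dict(stats)

def suspected_bruteforce(stats, min_failures=3, min_users=2):
    """Flag sources with repeated failures spread across several usernames.

    The thresholds are illustrative assumptions; tune them for the host.
    """
    return sorted(
        ip for ip, s in stats.items()
        if s["count"] >= min_failures and len(s["users"]) >= min_users
    )

if __name__ == "__main__":
    stats = summarize_failures(SAMPLE_LOG.splitlines())
    for ip in suspected_bruteforce(stats):
        s = stats[ip]
        print(f"{ip}: {s['count']} failures, users={sorted(s['users'])}")
```

A single mistyped password from a legitimate user (the 192.168.7.21 lines in the sample) stays below both thresholds and is not flagged.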

Environment

  • Red Hat Enterprise Linux (RHEL)
