Do you know the IP addresses of the users that ARE authorized to SSH into the system? If so, add them to /etc/hosts.allow. Tal -----Original Message----- From: wlug-bounces@mail.wlug.org [mailto:wlug-bounces@mail.wlug.org] On Behalf Of Eric Martin Sent: Tuesday, September 30, 2008 1:44 PM To: Worcester Linux Users Group Subject: [Wlug] SSH problems I have an outward facing ssh box at work that is currently being attacked. somebody's going through a dictionary attack of usernames; currently he or she is on abl. I can't block the IP Address because the ip is different with each username. Does anybody have any good ideas on how to stop this? I'm probably going to move the ssh port to some random high number to get rid of this, but I don't know yet if anybody else ssh's in besides me. Thanks in advance -- Eric Martin Key fingerprint = D1C4 086E DBB5 C18E 6FDA B215 6A25 7174 A941 3B9F