It may be easier to do an allow rules for IPs you want to access the server via SSH than vice versa. This is the best practice I believe. Secondly, there is a file /etc/ssh/sshd_config.You may want to have the following PermitRootLogin no AllowUsers user1, user2, user3. -----Original Message----- From: Cynthia Wahome <cwahome@jambo.co.ke> Reply-to: Skunkworks Forum <skunkworks@lists.my.co.ke> To: skunkworks@my.co.ke Subject: [Skunkworks] CentOS SERVER SECURITY Date: Mon, 1 Feb 2010 10:11:38 +0300 (EAT) Hello Skunkers I have a Linux Box that is on the internet.I have several times noticed that when i look at my log files in /var/log/secure i notice alot of possible break in attempts eg 32 proxicious sshd[32036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cl67-179-182-213.cl.metrocom.ru user=root Jan 25 19:02:34 proxicious sshd[32036]: Failed password for root from 213.182.179.67 port 47122 ssh2 Jan 25 19:02:34 proxicious sshd[32037]: Received disconnect from 213.182.179.67: 11: Bye Bye Jan 25 19:02:36 proxicious sshd[32038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 There are so many ip addresses trying to enter this box.I have been blocking the IP addresses using iptables -A INPUT -s a.b.c.d -j DROP from the box. My question is,if there are very many IP's trying;is there a simpler method of doing this or do i have to do it one by one.(really frustrating) PS I have not enabled SELinux becoz sometimes it becomes a hindrance alot. Any help is appreciated Regards ---------------------------------------------- This message has been scanned for viruses and dangerous content by Jambo MailScanner, and is believed to be clean. --------------------------------------------- "easy access to the world" _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general