Using honeypot you can monitor and learn more about malicious SSH login.
ADVERTISEMENTS
From the article:
Malicious SSH login attempts have been appearing in some administrators’ logs for several years. This article revisits the use of honeypots to analyze malicious SSH login attempts and see what can be learned about this activity. The article then offers recommendations on how to secure one’s system against these attacks.
Read more at securityfocus…
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
- RSS feed or Weekly email newsletter
- Share to Twitter • Facebook • 1 comment... add one ↓
READ NEXT
Fun Things To Do With Your Honeypot
40 Linux Server Hardening Security Tips [2019 edition]
How Install and setup a honeypot
30 Linux System Monitoring Tools Every SysAdmin Should Know
Linux 25 PHP Security Best Practices For Sys Admins
30 Best Sources For Linux / *BSD / Unix Documentation On the Web- Top 20 OpenSSH Server Best Security Practices
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
A honeypot isn’t even needed – an active web server with logging enabled seems to attract *plenty* of malicious login attempts. Provided the server is hardened well enough to avoid compromise, this may yield more accurate results than a honeypot that many adversaries recognize.