On Mon, 05 Dec 2005 18:18:18 +0100, Jon Solberg wrote:

> with secure passwords and user names combined with the "AllowUsers"
> option in your sshd_config these attempts are in most cases merely a
> nuisance that clog up your logs.

Indeed. Only rather then "AllowUsers" i set:

# Allow only users that are in group "ssh"
AllowGroups ssh

And put users (who need SSH access) in the ssh group (using "vipw"). This
had the benefit of central administation, allong with allowing to add cq
delete users without having to restart sshd.

> The login attempts create far too much noise to go by undetected.

On the other side of the coin tough: acctual brakeins might go unnoticed
in all the noise ...

--
-Menno.