cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays
529
Views
0
Helpful
3
Replies

VCS SSH login attempts

I've been seeing from time to time a lot of SSH login attempts on our VCS, any suggestions to prevent this?  It looks like a port scan and something is just trying random attempts.

1 ACCEPTED SOLUTION

Accepted Solutions

Then talk to your network guys, its really not preferred to have the vcs unfirewalled.

Besides what I wrote, cutting the cable and ignoring the messages there is not that much to do,

though ignoring is not the best method :-)

This is a typical thing what you see, there are plenty scripts running on the internet, most likely

not directly targeting your organization but at least open and vulnurable systems.

This is related to all systems connected to open networks and not only to the VCS.

An other typical scan is sip ports which might also contain attempts to route external isdn calls.

Patrick: Please rate my postings using the stars below and set the thread to answered if it is.

Please remember to rate helpful responses and identify

View solution in original post

3 REPLIES 3
Martin Koch
Advocate

Is the vcs on your internal net or exposed to the internet?

If its internal, you might identify the persons trying to access the VCS.

Anyhow, I would not run a vcs without a firewall to limit the access to the management ports,

expecilly if its connected to some public network.

There seem to be plans in the future version to have a local firewall on the VCS, but even

then I still recomend having the ports like ssh, http(s), ldap, ... blocked from the outside.

If you block it in your firewall you should not see any attempts.

Besides that, check that you use secure passwords for the admin / root and all other system accounts

as well as for the provisioning database and disable unused users if you added any.

Please remember to rate helpful responses and identify

It's external, not my choice however.  All the time the IPs identified are not from our network.

Then talk to your network guys, its really not preferred to have the vcs unfirewalled.

Besides what I wrote, cutting the cable and ignoring the messages there is not that much to do,

though ignoring is not the best method :-)

This is a typical thing what you see, there are plenty scripts running on the internet, most likely

not directly targeting your organization but at least open and vulnurable systems.

This is related to all systems connected to open networks and not only to the VCS.

An other typical scan is sip ports which might also contain attempts to route external isdn calls.

Patrick: Please rate my postings using the stars below and set the thread to answered if it is.

Please remember to rate helpful responses and identify

View solution in original post

Content for Community-Ad

Spotlight Awards 2021