Q: Stopping brute force ssh attacks on OS X Server 4?
OK, well the new year has brought out a slew of fresh IPs (mostly from Hong Kong and China) trying to log in to my machine (running OS X Yosemite 10.10.1 Server 4.0.3).
I have enabled the adaptive firewall (per http://help.apple.com/advancedserveradmin/mac/4.0/#/apd4288B31F-0C3D-4004-9480-4B7E0AFBB818) and yet the attacks continue unabated. Multiple IPs from one class C address block, for instance—flipping between three different IPs—are hitting my machine once per second over the course of dozens of hours. Yet the firewall is doing nothing to block those IP(s). They either walk through and try a list of bogus accounts, or continually hammer the root account.
I have configured just a few users access to ssh via the server application. But short of disabling sshd—which is not ideal—what are the strategies for combating these attacks? Is the best route to use the /etc/hosts.allow and /etc/hosts.deny files to configure access for sshd?
Thanks for any tips! —michael
Mac mini, OS X Yosemite (10.10.1), Server 4
Posted on Jan 22, 2015 4:40 PM