I have a machine that consistently has high CPU for SSH jobs(n3) so I set
up logging(n1) to find the culprit. Turns out China is working overtime to
get into this machine. SSH is configured to require keys and disallow
passwords (and other sshd_config settings) so I am not too concerned about
a breach(n2), but the CPU consumption is annoying.
I have a vCloud network appliance sitting in front of the IBM i and
configured a DENY rule for the specific China IP address, but at the end of
the day I still need to allow SSH from a variety of IP addresses.
Are there ways, on IBM i, to automatically blacklist IP addresses that
attempt to log in with "root"?
What do others employ to stop this in a more automatic fashion?
n1 -
http://bit.ly/N1014301
n2 - with the exception of the most recent vulnerabilities
n3...
Work with Active Jobs
02/11/16
CPU %: 16.6 Elapsed time: 00:00:00 Active jobs: 205
Current
Opt Subsystem/Job User Type CPU % Function Status
QP0ZSPWP QSECOFR BCI 13.8 PGM-sshd RUN
Aaron Bartell
litmis.com - Services for open source on IBM i
midrange.com
