SSHD attack tips

Discussion in 'macOS' started by chrysrobyn, Jan 6, 2010.

  1. chrysrobyn macrumors member

    May 9, 2003
    Austin, TX
    My Mac has always had the SSHD port forwarded from the firewall so I could log in from work (to grab music or check on things with VNC, etc.). Sometimes the CPU got pegged at 100% because of attacks against SSHD. Of course, there are typical admin tips for this behavior in /etc/sshd_config including disallowing root with PermitRootLogin, and whitelisting only you in AllowUsers. Personally I prefer to disallow PasswordAuthentication and stick with key exchange only. While I felt my system was secure, the attacks continued and took away from the usability of the machine.

    I recently found sshdfilter ( ), and wanted to share it with the MacRumors community. If a red flag is thrown on the SSHD authentication, the offending system can get firewalled out. Connections that don't even make it to the SSHD daemon don't eat up nearly as many CPU cycles. The number of attacks in /var/log/secure.log has been slashed and I never find the CPU taxed from attacks. I'm not certain it's perfect in what trips it, but I'm impressed, and the MacOSX maintainer is responsive.
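The sshd_config settings named in the post above, checked by a small auditor. This is an added example, not part of the thread or of sshdfilter; the sample configs and the account name `alice` are constructed, and the ChallengeResponseAuthentication check is an addition here, since keyboard-interactive authentication can still prompt for a password when PasswordAuthentication is off.

```python
# Added example: audit the global section of an sshd_config.
REQUIRED = {  # hardened values; the last entry is an addition to the post's list
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",
}

# Constructed sample configs; "alice" is a placeholder account name.
WEAK = """\
PermitRootLogin yes
PasswordAuthentication no
PasswordAuthentication yes
#AllowUsers alice
"""
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers alice
"""

def parse_global(text):
    """Return ({keyword: value}, allow_users) for lines before any Match block."""
    first, allow_users = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment, including commented-out directives
        fields = line.split(None, 1)
        keyword = fields[0].lower()  # sshd keywords are case-insensitive
        args = fields[1].strip() if len(fields) > 1 else ""
        if keyword == "match":
            break  # Match blocks are conditional; only the global section is audited
        if keyword == "allowusers":
            allow_users.extend(args.split())  # AllowUsers lines accumulate
        else:
            first.setdefault(keyword, args)  # sshd uses the first value it reads
    return first, allow_users

def audit(text):
    """List directives that are missing or not set to the hardened value."""
    first, allow_users = parse_global(text)
    findings = []
    for keyword, wanted in REQUIRED.items():
        actual = first.get(keyword)
        if actual is None or actual.lower() != wanted:
            findings.append(f"{keyword}: {actual!r} (want {wanted!r})")
    if not allow_users:
        findings.append("allowusers: no whitelist defined")
    return findings
```

Calling `audit(WEAK)` reports three findings; the duplicate `PasswordAuthentication yes` is not one of them, because sshd keeps the first value it reads for a keyword.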
  2. maflynn Moderator


    Staff Member

    May 3, 2009
    You could also use or The former offers a free version for home use. The latter is paid. I use gotomypc to access my Mac and it works great and appears not to have the security issues you're dealing with.
  3. ScoobyMcDoo macrumors 65816

    Nov 26, 2007
    Austin, TX
    I've often wondered how secure logmein really is. All of our keystrokes and such are traveling through their servers - right, so who is to say that they are not collecting passwords that could let them take over all of our computers at some time?
