Too many failed 'root' login attempt everyday

[jazar]

on my VPS log (/var/log/secure) I saw there are some attempts to login as root from different IP addresses everyday. I already try to block those IP addresses by using iptables. Is it enough? Need your advice. Thanks

[jason]

If you haven't done it already, disable root logins from remote systems (I believe instructions were given in the VPS security thread). The create yourself a normal user account and use that for (SSH) logins, using the su (switch user) command to gain root access after logging in. Also be sure NOT to use the same password for root and your user account.

--Jason

[Gwaihir]

Sadly, I've found that to be a big pain when making system backups. Never found a way to make rsync over ssh accept such an su action.

Another thing you can do is restrict SSH access to your account to only your own IP(s). Even if your ISP gives you a dynamic IP, allowing only that range nicely locks 99+% of the internet out.

[jazar]

How to limit root access to some ip address? any tutorial?