Ruminations on an SSH attack
Dan Jenkins
dan at rastech.com
Mon Dec 19 00:13:00 EST 2005

Brian Chabot wrote:
> Bill McGonigle wrote:
>
> > I sleep better at night knowing my servers have these lines in
> > them:
> >
> > Protocol 2
> > PermitRootLogin no
> > IgnoreRhosts yes
> > PasswordAuthentication no
> > AllowUsers ...
>
> I like to add in:
>
> MaxAuthTries 6
> UsePrivilegeSeparation yes
>
> AllowUsers can be a pain if your user base changes.

I've eliminated the SSH attack problem at our clients by restricting
access to SSH to a set of known IP addresses in hosts.allow. To connect
to our clients while we are traveling, we have to first login to a
system at one of our trusted locations. Only one system has to have SSH
exposed to the Internet, in our case. Others may find that inconvenient
or impracticable, but it has, at least, saved me those messy log files
over the last year since I implemented it. Access from one of our
offices does not need that additional step, of course, as those are the
trusted addresses.

An alternative that worked quite well for a friend was simply to change
the port SSH listens on. The automated attacks never touched him
thereafter. They appear not to be very clever.
--
Dan Jenkins (dan at rastech.com)
Rastech Inc., Bedford, NH, USA --- 1-603-206-9951
*** Technical Support Excellence for over a quarter century
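
The sshd_config settings quoted in this thread can be checked mechanically. The following is an added example, not part of the original message or of OpenSSH: the function names and the sample configuration are constructed, and it only inspects the global section of the file (it stops at the first Match block).

```python
# Added example: audit an sshd_config for the settings quoted in this thread.
REQUIRED = {                      # keyword (lower-case) -> value used in the thread
    "protocol": "2",
    "permitrootlogin": "no",
    "ignorerhosts": "yes",
    "passwordauthentication": "no",
    "useprivilegeseparation": "yes",
}
MAX_AUTH_TRIES = 6                # upper bound suggested in the thread

def parse_global(text):
    """Return {keyword: value}; sshd uses the first value it reads per keyword."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()            # keywords are case-insensitive
        if key == "match":                # conditional blocks are out of scope here
            break
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return seen

def audit(text):
    """Return a sorted list of findings; an empty list means every check passed."""
    cfg, findings = parse_global(text), []
    for key, want in REQUIRED.items():
        got = cfg.get(key)
        if got is None:
            findings.append(f"{key}: not set, compiled-in default applies")
        elif got.lower() != want:
            findings.append(f"{key}: is '{got}', thread uses '{want}'")
    tries = cfg.get("maxauthtries")
    if tries is None or not tries.isdigit() or int(tries) > MAX_AUTH_TRIES:
        findings.append(f"maxauthtries: is {tries!r}, thread uses {MAX_AUTH_TRIES}")
    if not cfg.get("allowusers"):
        findings.append("allowusers: no explicit user list")
    return sorted(findings)

# Constructed sample, not taken from any real host. The second PermitRootLogin
# line is ignored by sshd because the first value wins.
SAMPLE = ("Protocol 2\nPermitRootLogin yes\nPermitRootLogin no\n"
          "IgnoreRhosts yes\npasswordauthentication no\nMaxAuthTries 10\n")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The duplicate `PermitRootLogin` in the sample shows why the check follows first-value-wins: a later `no` does not override an earlier `yes`.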