Ruminations on an SSH attack
Tom Buskey
tom at buskey.name
Mon Dec 19 09:06:01 EST 2005
On 12/18/05, Brian Chabot <brian at datasquire.net> wrote:
>
> Bill McGonigle wrote:
>
> > I sleep better at night knowing my servers have these lines in them:
> >
> > Protocol 2
> > PermitRootLogin no
> > IgnoreRhosts yes
> > PasswordAuthentication no
> > AllowUsers ...
>
>
> I like to add in:
>
> MaxAuthTries 6
> UsePrivilegeSeparation yes
>
> AllowUsers can be a pain if your user base changes..
ListenAddress if your users always come from the same IP addresses. Not
always doable, but if it is....
Port xxxx # changing to a non standard port
I'm at a site that blocks all outgoing ports except 22 :-( Security by
obscurity, but it makes you harder to find than your neighbors.
I've started running something called DenyHosts. If I get N failed logins
from an IP address, it gets added to /etc/hosts.deny and my sshd never sees
that IP again. It's worth checking out. All automated w/ email alerts,
expiration of IPs (or not), number of failures, etc.
--
A strong conviction that something must be done is the parent of many bad
measures.
- Daniel Webster
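The threshold logic described in the post above (N failed logins from one IP, then the IP goes into /etc/hosts.deny), as an added example that is neither DenyHosts' own code nor from the original message. It parses constructed sshd log lines, counts failed password attempts per source address, and produces the hosts.deny entries; the `allowlist` parameter is an assumption added so an admin's own addresses are never locked out.

```python
import re
from collections import Counter

# Constructed sample of sshd auth-log lines (not from a real host).
SAMPLE_LOG = """\
Dec 19 08:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Dec 19 08:01:05 host sshd[1203]: Failed password for invalid user test from 203.0.113.5 port 40130 ssh2
Dec 19 08:01:09 host sshd[1207]: Failed password for root from 203.0.113.5 port 40141 ssh2
Dec 19 08:02:11 host sshd[1210]: Failed password for tom from 198.51.100.7 port 51022 ssh2
Dec 19 08:02:20 host sshd[1210]: Accepted publickey for tom from 198.51.100.7 port 51022 ssh2
Dec 19 08:03:00 host sshd[1220]: Failed password for invalid user oracle from 203.0.113.5 port 40150 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def count_failures(log_text):
    """Return a Counter of failed-login attempts keyed by source IP."""
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
    return failures


def hosts_deny_entries(failures, threshold, allowlist=()):
    """Return hosts.deny lines ("sshd: <ip>") for IPs at or above the
    failure threshold, skipping any IP in the (assumed) allowlist."""
    return [
        "sshd: %s" % ip
        for ip, n in sorted(failures.items())
        if n >= threshold and ip not in allowlist
    ]


if __name__ == "__main__":
    counts = count_failures(SAMPLE_LOG)
    for entry in hosts_deny_entries(counts, threshold=3):
        print(entry)
```

The script only prints the candidate entries; appending them to /etc/hosts.deny (and expiring them later) is left to the operator.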