[lug] Cracking attempts via SSH (somewhat OT)
Ben Luey
lueyb at jilau1.Colorado.EDU
Wed Sep 8 19:42:16 MDT 2004
On the subject of ssh logins and security, I'm trying to reduce the number
of accounts that have remote ssh access to a server, and so I installed
scponly. Scponly gives users scp / sftp access but no shell access and
chroots to their home directory. This is great, but I would like some
users to have ssh login access from inside our firewall, but because
scponly is installed as their shell, I don't know how to do this. Is it
possible to somehow have a host specific shell? Also, anyone have
recommendations on having ssh restrict certain users to login from
only certain domains?
Thanks,
Ben
Ben Luey
lueyb at jilau1.colorado.edu
On Thu, 19 Aug 2004, Daniel Miller wrote:
> On Thu, 19 Aug 2004 11:45:36 -0600 (MDT)
> Bill Thoen <bthoen at gisnet.com> wrote:
>
> > Back around July 26, I first started seeing unauthorized attempts to
> > gain access to my server via ssh. The pattern was to try accessing an
> > account named 'test', then 2 seconds later to try the account 'guest.'
> > The originating IPs were from Korea and China (of course) Italy,
> > Russia, and other european sources. Even one from the class B network
> > I'm on.
> >
>
> <snip>
>
> >
> > - Bill Thoen
> >
> >
>
> I haven't personally seen any myself, but another LUG I deal with has a
> thread on the exact same issue. You can see their discussion at:
>
> http://mailman.plug.org/pipermail/pluglist/2004-July/009303.html
>
> Dan
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
More information about the LUG
mailing list