[lug] Attacks Intensifying

George Sexton gsexton at mhsoftware.com
Thu Oct 28 09:26:48 MDT 2004


I think a good idea is to set "PermitRootLogin" to no as a matter of
routine, so that even if you have a bogus password, it won't work.

The second thing I recommend doing is to create a group of people (say
"sshusers") who are explicitly allowed to use SSH and put the configuration
directive "AllowGroups sshusers" in the sshd_config.

For extra paranoia, you could disable password login. If you do that, though,
you end up having to install public keys for the users before they will be
able to log in.

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
  

> -----Original Message-----
> From: lug-bounces at lug.boulder.co.us 
> [mailto:lug-bounces at lug.boulder.co.us] On Behalf Of Bill Thoen
> Sent: Thursday, October 28, 2004 7:52 AM
> To: Boulder Linux Users Group
> Subject: [lug] Attacks Intensifying
> 
> I've been noticing ever more concerted attacks via ssh lately. The last
> two last night were from karp.ece.cmu.edu: 34 times, and 206.166.198.131:
> 107 times. They try user names like nobody, user, rolo, etc., and more
> disturbingly, root. So far they haven't succeeded.
>
> But I was wondering... Is there any way to see what passwords these
> scripted attacks are trying? My messages and secure logs don't show it.
> I'm just curious to see how close they might be getting.
> 
> - Bill Thoen
> 
> 
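
The three sshd_config settings recommended in the reply above can be checked mechanically. The following is an added example, not part of the original thread: the function names and both sample configurations are constructed for illustration, and the `PermitRootLogin` default shown is the current OpenSSH one.

```python
# Added example: audit sshd_config text for PermitRootLogin, AllowGroups and
# PasswordAuthentication. Keywords are case-insensitive; for single-valued
# keywords the first value seen wins, while AllowGroups lines accumulate.
DEFAULTS = {"permitrootlogin": "prohibit-password",  # current OpenSSH default
            "passwordauthentication": "yes"}

def effective_settings(config_text):
    """Return global (pre-Match) values plus the accumulated AllowGroups list."""
    seen, groups = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":              # everything after Match is conditional
            break
        if key == "allowgroups":
            groups.extend(value.split())
        elif key in DEFAULTS and key not in seen:
            seen[key] = value.lower()   # later duplicates are ignored
    return {**DEFAULTS, **seen, "allowgroups": groups}

def audit(config_text, group="sshusers"):
    """Return findings; an empty list means all three settings are in place."""
    s = effective_settings(config_text)
    findings = []
    if s["permitrootlogin"] != "no":
        findings.append("PermitRootLogin is %r, expected 'no'" % s["permitrootlogin"])
    if group not in s["allowgroups"]:   # exact names only, patterns not expanded
        findings.append("AllowGroups does not list %r" % group)
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is enabled (optional hardening)")
    return findings

# Constructed sample inputs, not taken from any real host.
WEAK = "Port 22\nPermitRootLogin yes\npermitrootlogin no\n"
HARDENED = """PermitRootLogin no
AllowGroups sshusers admins
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "ok")
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, which is the authoritative source if the file uses `Include` or `Match` blocks.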



