[lug] Cracking attempts via SSH
Hugh Brown
hugh at math.byu.edu
Fri Aug 20 17:27:48 MDT 2004
On Thu, 2004-08-19 at 13:50, Shannon Johnston wrote:
> Hmm...
> I would start by upgrading your Openssh. It doesn't look like they're
> attempting any exploits, but it's only a matter of time.
>
> The second thing you should do would be to make sure that the
> PermitRootLogin option in /etc/ssh/sshd_config is set to "no".
>
> Also, you can set who is allowed to ssh into the box my making entries
> in /etc/security/access.conf
>
> Hope that helps!
>
> Shannon Johnston
>
I've just recently been doing that (adding users to access.conf). I
discovered that on rh9 and debian sarge, you also have to enable the
pam_access.so in the appropriate files
rh9 needs
account required /lib/security/$ISA/pam_access.so
in /etc/pam.d/system-auth
debian sarge had it commented out in /etc/pam.d/login and I cut and
pasted the blurb into /etc/pam.d/ssh as well:
# Uncomment and edit /etc/security/access.conf if you need to
# set access limits.
# (Replaces /etc/login.access file)
account required pam_access.so
Hugh
More information about the LUG
mailing list