[lug] Cracking attempts via SSH (somewhat OT)

Shannon Johnston sjohnston at cavionplus.com
Wed Sep 8 20:43:30 MDT 2004 

Yeah, I think that entries in access.conf  can limit to users at domain.


Shannon Johnston



Ben Luey wrote:

>On the subject of ssh logins and security, I'm trying to reduce the number
>of accounts that have remote ssh access to a server, and so I installed
>scponly.  Scponly gives users scp / sftp access but no shell access and
>chroots to their home directory. This is great, but I would like some
>users to have ssh login access from inside our firewall, but because
>scponly is installed as their shell, I don't know how to do this. Is it
>possible to somehow have a host specific shell? Also, anyone have
>recommendations on having ssh restrict certain users to login from
>only certain domains?
>
>
>Thanks,
>
>Ben
>
>
>
>
>Ben Luey
>lueyb at jilau1.colorado.edu
>On Thu, 19 Aug 2004, Daniel Miller wrote:
>
>  
>
>>On Thu, 19 Aug 2004 11:45:36 -0600 (MDT)
>>Bill Thoen <bthoen at gisnet.com> wrote:
>>
>>    
>>
>>>Back around July 26, I first started seeing unauthorized attempts to
>>>gain access to my server via ssh. The pattern was to try accessing an
>>>account named 'test', then 2 seconds later to try the account 'guest.'
>>>The originating IPs were from Korea and China (of course) Italy,
>>>Russia, and other european sources. Even one from the class B network
>>>I'm on.
>>>
>>>      
>>>
>><snip>
>>
>>    
>>
>>>- Bill Thoen
>>>
>>>
>>>      
>>>
>>I haven't personally seen any myself, but another LUG I deal with has a
>>thread on the exact same issue.  You can see their discussion at:
>>
>>http://mailman.plug.org/pipermail/pluglist/2004-July/009303.html
>>
>>Dan
>>_______________________________________________
>>Web Page:  http://lug.boulder.co.us
>>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>>
>>    
>>
>_______________________________________________
>Web Page:  http://lug.boulder.co.us
>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>  
>

More information about the LUG mailing list