Date: Wed, 18 May 2005 23:11:17 +0200
From: Emanuel Strobl <Emanuel.strobl@gmx.net>
To: freebsd-questions@freebsd.org
Subject: Re: illegal user root user failed login attempts
Message-ID: <200505182311.25158@harrymail>
In-Reply-To: <200505181556.44648.kirk@strauser.com>
References: <C993D184-EDA6-446B-96CC-59B9AFE34AC2@mac.com> <200505181556.44648.kirk@strauser.com>

On Wednesday, 18 May 2005 22:56, Kirk Strauser wrote:
> On Tuesday 17 May 2005 09:36, Peter Kropholler wrote:
> > As things stand, ssh is designed so you can't get at people's
> > passwords and I am leaving it alone. Focussing instead on the task of
> > making sure my passwords are strong, limiting AllowUsers to specific
> > users and trusted ip addresses, and moving ssh off port 22.
>
> Alternatively, scrap all that and force RSA authentication after
> disabling password login. I could give you my root password (and even
> my personal password) and there isn't jack you can do with it because no
> services authenticate off it; it's only useful for logging in locally.

IMHO that's the only way to cope with these crappy hacked boxes.
Additionally that was the original idea of SSH as far as I know.
Maybe time to think about disabling ChallengeResponseAuth
in /etc/ssh/sshd_conf by default in FreeBSD?

-Harry
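An added example, not part of the original thread: a small audit of the global section of an sshd configuration for the settings discussed above (password login, challenge-response, AllowUsers). The function names and sample configurations are constructed for illustration. It assumes upstream OpenSSH defaults (a platform may ship different ones) and does not follow Include directives or Match blocks.

```python
# Assumption: upstream OpenSSH defaults; a platform may ship different ones.
DEFAULTS = {"passwordauthentication": "yes",
            "challengeresponseauthentication": "yes"}
# Newer OpenSSH releases name the same option KbdInteractiveAuthentication.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}


def effective_settings(config_text, defaults=DEFAULTS):
    """Global settings as sshd reads them: the first value per keyword wins."""
    first, allow_users = {}, []
    for raw in config_text.splitlines():
        fields = raw.strip().split(None, 1)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue                # blank, comment, or commented-out setting
        key = ALIASES.get(fields[0].lower(), fields[0].lower())
        if key == "match":          # conditional blocks are out of scope here
            break
        if key == "allowusers":     # AllowUsers lines accumulate
            allow_users += fields[1].split()
        else:
            first.setdefault(key, fields[1].strip().lower())
    return {**defaults, **first, "allowusers": allow_users}


def audit(config_text):
    """Return findings for password-based login paths and missing AllowUsers."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] == "yes":
        findings.append("PasswordAuthentication is enabled")
    if s["challengeresponseauthentication"] == "yes":
        findings.append("ChallengeResponseAuthentication is enabled "
                        "(can still accept passwords where backed by PAM)")
    if not s["allowusers"]:
        findings.append("no AllowUsers restriction")
    return findings


# Constructed samples: password login switched off, challenge-response forgotten.
HALF_HARDENED = """\
#ChallengeResponseAuthentication no
PasswordAuthentication no
PasswordAuthentication yes
AllowUsers alice@192.0.2.10
"""
KEYS_ONLY = HALF_HARDENED + "ChallengeResponseAuthentication no\n"

if __name__ == "__main__":
    print(audit(HALF_HARDENED), audit(KEYS_ONLY))
```

The half-hardened sample still yields one finding because the commented-out line has no effect and the default leaves challenge-response on.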