Date:      Thu, 19 May 2005 03:36:53 -0600
From:      Ed Stover <estover@nativenerds.com>
To:        Emanuel Strobl <Emanuel.strobl@gmx.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: illegal user root user failed login attempts
Message-ID:  <428C5E35.50101@nativenerds.com>
In-Reply-To: <200505182311.25158@harrymail>
References:  <C993D184-EDA6-446B-96CC-59B9AFE34AC2@mac.com> <200505181556.44648.kirk@strauser.com> <200505182311.25158@harrymail>

Emanuel Strobl wrote:
> On Wednesday, 18 May 2005 22:56, Kirk Strauser wrote:
> 
>>On Tuesday 17 May 2005 09:36, Peter Kropholler wrote:
>>
>>>As things stand, ssh is designed so you can't get at people's
>>>passwords and I am leaving it alone. Focussing instead on the task of
>>>making sure my passwords are strong, limiting AllowUsers to specific
>>>users and trusted ip addresses, and moving ssh off port 22.
>>
>>Alternatively, scrap all that and force RSA authentication after
>>disabling password login.  I could give you my root password (and even
>>my personal password) and there isn't jack you can do with it because no
>>services authenticate off it; it's only useful for logging in locally.
> 
> 
> IMHO that's the only way to cope with these crappy hacked boxes. 
> Additionally that was the original idea of SSH as far as I know.
> Maybe time to think about disabling ChallengeResponseAuth 
> in /etc/ssh/sshd_conf by default in FreeBSD?
> 
> -Harry
There is a wealth of things that we can do for protection:
1: (mentioned earlier) move ssh off port 22
2: use tcp wrappers "/etc/hosts.allow"
3: don't allow users to have a shell or at least restrict the shell (rbash)
4: firewall incoming ssh connections

One of my personal favorite things to do is:
move ssh to port 1001
install portsentry
have portsentry listen to port 22
log, report to abuse, and repeat
You could even finger the machine that is trying to connect. It will
tell you who was logged onto it when the incident happened.
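
Added example, not part of the original message or of FreeBSD/OpenSSH: a small audit of an sshd_config for the settings raised in this thread (password and challenge-response logins disabled, AllowUsers set, ssh moved off port 22). The default values, the sample configs and the user/address in them are constructed assumptions.

```python
import re

# Assumption: stock OpenSSH defaults when a keyword is absent.
ASSUMED_DEFAULTS = {"passwordauthentication": "yes",
                    "challengeresponseauthentication": "yes"}

def parse_global(text):
    """Return {keyword: [values]} for lines before the first Match block."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"[\s=]+", line, maxsplit=1)
        key = fields[0].lower()          # keywords are case-insensitive
        if key == "match":               # what follows is conditional
            break
        opts.setdefault(key, []).append(fields[1].strip() if len(fields) > 1 else "")
    return opts

def audit(text):
    """List the thread's hardening steps that this config does not apply."""
    opts = parse_global(text)
    findings = []
    for key, default in ASSUMED_DEFAULTS.items():
        # sshd keeps the first value it reads for a keyword, so a later
        # "no" does not override an earlier "yes".
        if opts.get(key, [default])[0].lower() != "no":
            findings.append(f"{key} is not 'no'")
    if "22" in opts.get("port", ["22"]):
        findings.append("sshd still listens on port 22")
    if "allowusers" not in opts:
        findings.append("no AllowUsers restriction")
    return findings

# Constructed sample configs.
WEAK = """
Port 22
PasswordAuthentication yes
PasswordAuthentication no
"""
HARDENED = """
Port 1001
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers admin@192.0.2.10
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "ok")
```

The audit covers only the global section; settings inside Match blocks need a separate review.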
