mailing list archives
Re: Re: Any update on SSH brute force attempts?
From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 18 Oct 2004 06:41:31 -0500 (CDT)
On Mon, 18 Oct 2004, Dave Ewart wrote:
-----BEGIN PGP SIGNED MESSAGE-----
On Friday, 15.10.2004 at 17:53 -0400, Jay Libove wrote:
What are you doing/changing about your SSH configurations to reduce
the possibility of these attacks finding any kind of hole in the
OpenSSH software (that's what I run, so that's the only version I'm
particularly concerned about) ? Are you doing anything at all?
Attacks on my system seemed to be restricted to root, so I set the
'PermitRootLogin without-password' option, so that no root logins using
a password were possible - must be RSA key. I also switched to
Why not just disallow root logins directly, and force someone with a valid
user account to su after getting a shell? It was my impression that was
more standard, and if one has to allow remote root directly, at least
restrict it to specific systems and users. All the places I have worked
for forced the su after shell to root..
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
Full-Disclosure - We believe in it.
Re: Any update on SSH brute force attempts? Miriam Chan (Oct 24)