Full Disclosure mailing list archives

Re: Re: Any update on SSH brute force attempts?
From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 18 Oct 2004 06:41:31 -0500 (CDT)

On Mon, 18 Oct 2004, Dave Ewart wrote:

> On Friday, 15.10.2004 at 17:53 -0400, Jay Libove wrote:
>
> > What are you doing/changing about your SSH configurations to reduce
> > the possibility of these attacks finding any kind of hole in the
> > OpenSSH software (that's what I run, so that's the only version I'm
> > particularly concerned about)?  Are you doing anything at all?
>
> Attacks on my system seemed to be restricted to root, so I set the
> 'PermitRootLogin without-password' option, so that no root logins using
> a password were possible - must be RSA key.  I also switched to
> non-standard port.

Why not just disallow root logins directly, and force someone with a valid
user account to su after getting a shell?  It was my impression that was
more standard, and if one has to allow remote root directly, at least
restrict it to specific systems and users.  All the places I have worked
for forced the su after shell to root..


Ron DuFresne
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
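
The two setups discussed in this thread (key-only root login versus no direct root login, optionally limited to specific users and hosts), checked by a small `sshd_config` auditor. This is an added example, not part of the original messages; the sample configs, user names and addresses are constructed, `Match` blocks are not evaluated, and the fallback for an unset `PermitRootLogin` is assumed to be the current upstream default.

```python
from fnmatch import fnmatchcase

# Constructed sample configs (not taken from the thread).
KEY_ONLY_ROOT = """\
# key-only root on a non-standard port, as in the quoted reply
Port 2222
PermitRootLogin without-password
"""
NO_DIRECT_ROOT = """\
PermitRootLogin no
AllowUsers alice bob@192.0.2.*
permitrootlogin yes
"""

def parse_global(text):
    """Collect {keyword: [argument lists]} up to the first Match block."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional overrides are not evaluated here
            break
        opts.setdefault(key, []).append(parts[1:])
    return opts

def root_login_policy(text, default="prohibit-password"):
    """Summarise how root can reach a shell over SSH under this config."""
    opts = parse_global(text)
    # sshd keeps the first value it reads for a keyword; later ones are ignored.
    mode = opts.get("permitrootlogin", [[default]])[0][0].lower()
    if mode == "without-password":      # older spelling of prohibit-password
        mode = "prohibit-password"
    # AllowUsers patterns are USER or USER@HOST; keep those whose user part matches root.
    allow = [p for args in opts.get("allowusers", []) for p in args]
    root_pats = [p for p in allow if fnmatchcase("root", p.split("@")[0])]
    direct = mode != "no" and (not allow or bool(root_pats))
    return {
        "mode": mode,
        "direct_root": direct,
        "password_root": direct and mode == "yes",
        "host_restricted": direct and bool(root_pats) and all("@" in p for p in root_pats),
    }

if __name__ == "__main__":
    for name, cfg in (("key-only root", KEY_ONLY_ROOT), ("no direct root", NO_DIRECT_ROOT)):
        print(name, root_login_policy(cfg))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check, since it also resolves included files and defaults for the installed version.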