mailing list archives
Re: Re: Re: Any update on SSH brute force attempts?
From: Barrie Dempster <barrie () reboot-robot net>
Date: Tue, 19 Oct 2004 11:47:56 +0100
On Tue, 2004-10-19 at 11:00 +0100, Ronny Adsetts wrote:
> How about where you have no local users except root - all other users are via
> LDAP or similar - and some catastrophe takes out your user DB? Allowing root
> ssh login will at least get you access to the box.
> Allowing root ssh access but setting policy on its use seems a better option
> to me. And running jack the ripper on your password hashes of course.
Firstly, your DB would be backed up so you could restore the system,
however ignoring that, and let's assume that for some reason we can't
restore, which I admit is possible.
You can configure your machine to fall back onto local password files in
the absence of the LDAP server, so I would keep a local user account
on the server for just such emergency scenarios.
This is in the situation where I can't get to the box locally, however I
always provision for local access either in person or via a third party
to any system I maintain, so I have never had to deal with this. Local
access is a must in order to retain reliable uptime in my opinion.
Multi-admin to me, means multi-access level, fine control and not giving
anyone more access than they require. I can see your point, but the
technology provisions for it.
(excellent domain/company name BTW)
Barrie Dempster (zeedo) - Fortiter et Strenue
[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
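The setup discussed in the message above (local files consulted for account lookups, a local non-root emergency account, root SSH login disabled) can be checked mechanically. The following is an added example, not part of the original post; the account name `rescue` and all file contents are constructed, and the script reads text passed to it rather than live system files.

```python
# Added example: audit a "local break-glass account" setup. Sample text is constructed.

def passwd_sources(nsswitch_text):
    """Return the ordered lookup sources on the passwd line of nsswitch.conf."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("passwd:"):
            # Drop action items such as [NOTFOUND=return]; keep only source names.
            return [t for t in line.split(":", 1)[1].split() if not t.startswith("[")]
    return []

def sshd_globals(sshd_text):
    """Global sshd_config keywords; sshd uses the first value it reads for each."""
    opts = {}
    for line in sshd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":
            break  # everything after a Match line is conditional, not global
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip())
    return opts

def local_account_ok(passwd_text, user):
    """True if `user` is in the local passwd file, is not UID 0, and has a login shell."""
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) == 7 and f[0] == user:
            return f[2] != "0" and not f[6].endswith(("nologin", "false"))
    return False

def audit(nsswitch_text, sshd_text, passwd_text, user):
    """Return a list of findings; an empty list means the fallback is in place."""
    findings = []
    if "files" not in passwd_sources(nsswitch_text):
        findings.append("passwd lookups never consult local files")
    if not local_account_ok(passwd_text, user):
        findings.append(f"no usable local account '{user}'")
    if sshd_globals(sshd_text).get("permitrootlogin", "unset").lower() != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    return findings

# Constructed sample inputs ("rescue" is a hypothetical emergency account).
NSSWITCH = "passwd: files ldap\ngroup: files ldap\nshadow: files ldap\n"
SSHD = "# constructed sample\nPermitRootLogin no\nPasswordAuthentication yes\n"
PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
          "rescue:x:1000:1000:Emergency admin:/home/rescue:/bin/bash\n")

if __name__ == "__main__":
    print(audit(NSSWITCH, SSHD, PASSWD, "rescue") or "OK")
```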