Security Incidents mailing list archives
Re: [incidents] SSH scans...
From: Tim Kennedy <tim () timkennedy net>
Date: Mon, 20 Dec 2004 20:01:05 +0000
Dejan & Incidents users, If you're running Linux, there is one easy limit within PAM that you can make, to prevent the unauthorized compromise of unused accounts. Most linux distro's ship with a PAM module called pam_succeed_if.so, in /usr/lib/security. You can use this to limit logins, by any number of characteristics, but login name is the one I use. so, in /etc/pam.d/sshd, in place of: account required pam.stack.so service=system-auth I add a line like: account sufficient pam_succeed_if.so login = username and comment out the system-auth line: account sufficient pam_succeed_if.so login = gbush account sufficient pam_succeed_if.so login = tblair account sufficient pam_succeed_if.so login = jhoward #account required pam.stack.so service=system-auth This limits logins to only the small number of users allowed to SSH in, and restricts other users, even if they have valid accounts. For instance, perhaps a mail-only users, or something. -Tim -- Tim Kennedy || There are 10 types of people on Earth. http://public.xdi.org/=tck || Those who understand binary, tim () timkennedy net || and those who don't.
Current thread:
- SSH scans... Dejan Markovic (Dec 20)
- Re: SSH scans... Harald Nesland (Dec 20)
- RE: SSH scans... another possible solution Ron Moore (Dec 20)
- Re: SSH scans... Dejan Markovic (Dec 20)
- Re: SSH scans... Barrie Dempster (Dec 20)
- Re: [incidents] SSH scans... Tim Kennedy (Dec 20)
- Message not available
- Re: [incidents] SSH scans... Tim Kennedy (Dec 20)
- Message not available
- Re: SSH scans... Harald Nesland (Dec 20)
- Re: SSH scans... Keith Morgan (Dec 20)
- Re: SSH scans... Gerry Dalton (Dec 20)
- Re: SSH scans... Peter Willis (Dec 20)
- Re: SSH scans... skippy1 (Dec 21)
- Re: SSH scans... Peter Willis (Dec 20)
- Re: SSH scans... Raymond Lillard (Dec 20)
- Re: SSH scans... Ben Nelson (Dec 20)
- Re: SSH scans... Steve Kemp (Dec 20)
- RE: SSH scans... KEM Hosting (Dec 21)
- Re: SSH scans... Michael H. Warfield (Dec 21)
- Re: SSH scans... nixsec (Dec 22)