nanog mailing list archives
Re: de-peering for security sake
From: Jared Mauch <jared () puck nether net>
Date: Sat, 26 Dec 2015 16:21:03 -0500
On Dec 26, 2015, at 11:14 AM, Joe Abley <jabley () hopcount ca> wrote: With respect to ssh scans in particular -- disable all forms of password authentication and insist upon public key authentication instead. If the password scan log lines still upset you, stop logging them.
Or if you can’t get users to use keys (aside from remove the users) consider things like:
example /etc/ssh/sshd_config
Match User root
PasswordAuthentication no
for users that should not be permitted to fall-back to password authentication.
- Jared
Current thread:
- Re: de-peering for security sake, (continued)
- Re: de-peering for security sake Mike Hale (Dec 27)
- Re: de-peering for security sake Randy Bush (Dec 27)
- Re: de-peering for security sake Owen DeLong (Dec 27)
- Re: de-peering for security sake Baldur Norddahl (Dec 27)
- Re: de-peering for security sake Owen DeLong (Dec 27)
- Re: de-peering for security sake Mike Hale (Dec 27)
- Re: de-peering for security sake Matthew Petach (Dec 26)
- Re: de-peering for security sake Damian Menscher via NANOG (Dec 26)
- Re: de-peering for security sake Valdis . Kletnieks (Dec 26)
- Re: de-peering for security sake James Downs (Dec 27)
- Re: de-peering for security sake Jared Mauch (Dec 26)
- Re: de-peering for security sake Mike Hammett (Dec 26)
- Re: de-peering for security sake Owen DeLong (Dec 26)
- Re: de-peering for security sake Mark Tinka (Dec 25)
- Re: de-peering for security sake Joel Jaeggli (Dec 24)
- Re: de-peering for security sake Max Tulyev (Dec 25)
- RE: Broadband Router Comparisons Keith Medcalf (Dec 24)
- Re: Broadband Router Comparisons Mikael Abrahamsson (Dec 26)
- Re: Broadband Router Comparisons Valdis . Kletnieks (Dec 27)