Full Disclosure mailing list archives
Re: Re: Any update on SSH brute force attempts?
From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 18 Oct 2004 06:41:31 -0500 (CDT)
On Mon, 18 Oct 2004, Dave Ewart wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 15.10.2004 at 17:53 -0400, Jay Libove wrote:What are you doing/changing about your SSH configurations to reduce the possibility of these attacks finding any kind of hole in the OpenSSH software (that's what I run, so that's the only version I'm particularly concerned about) ? Are you doing anything at all?Attacks on my system seemed to be restricted to root, so I set the 'PermitRootLogin without-password' option, so that no root logins using a password were possible - must be RSA key. I also switched to non-standard port.
Why not just disallow root logins directly, and force someone with a valid user account to su after getting a shell? It was my impression that was more standard, and if one has to allow remote root directly, at least restrict it to specific systems and users. All the places I have worked for forced the su after shell to root.. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Any update on SSH brute force attempts? Jay Libove (Oct 15)
- Re: Any update on SSH brute force attempts? James Riden (Oct 15)
- Re: Any update on SSH brute force attempts? Kevin (Oct 15)
- Re: Any update on SSH brute force attempts? Frank Knobbe (Oct 16)
- Re: Any update on SSH brute force attempts? Kevin (Oct 15)
- Message not available
- Re: Any update on SSH brute force attempts? Jay Libove (Oct 16)
- Re: Re: Any update on SSH brute force attempts? Tim (Oct 16)
- RE: Re: Any update on SSH brute force attempts? Sean Crawford (Oct 16)
- Re: Any update on SSH brute force attempts? Jay Libove (Oct 16)
- Re: Any update on SSH brute force attempts? James Riden (Oct 15)
- Re: Any update on SSH brute force attempts? Dave Ewart (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Ron DuFresne (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Barrie Dempster (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Raj Mathur (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Barrie Dempster (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Ron DuFresne (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Ron DuFresne (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Dave Ewart (Oct 18)
- Re: Re: Re: Any update on SSH brute force attempts? Barrie Dempster (Oct 18)
- Re: Re: Re: Any update on SSH brute force attempts? Ronny Adsetts (Oct 19)
- Re: Re: Re: Any update on SSH brute force attempts? Barrie Dempster (Oct 19)
- Re: Re: Re: Any update on SSH brute force attempts? Ronny Adsetts (Oct 20)