Security Incidents mailing list archives
Re: RE: Internet SSH scans
From: Michael.Lang () jackal-net at
Date: 23 Mar 2006 09:01:08 -0000
*urgh* thats why things go terribly wrong. Security by obscurity isn't save, wasnt and will never be, if you just dont want the LogEntrys, exclude it from your Syslog. if you want to secure your SSH Service, try following steps: - if possible, use a seperate LAN (MGMT) and bind your Service to this LAN only. if theres no physical seperated LAN, build a virtual seperated LAN (IPSec, ...) - disable the weakest Authentication (Password) - enforce your Authentication (RSA Keys) by limiting the usage (man sshd, look for from=) - enforce better policy in SSHD config, limit retrys, ... for my understanding it doesnt make sence to lockout root. there are enought exploits to gain root access anyway. - if you still want to limit the IP/TCP access to SSH Service, do it on your Router infront of the Machine. there are no 15 bricks to stumble over for allowed access, its transparent for upgrades, and its even more secure as theres no forgotten dependency. my 5 cents Greetz mIke
Current thread:
- Re: RE: Internet SSH scans, (continued)
- Re: RE: Internet SSH scans joakim . berge (Mar 03)
- Re: Re: RE: Internet SSH scans mrbits (Mar 03)
- RE: Internet SSH scans Adriano Carvalho (Mar 21)
- Re: Internet SSH scans Valdis . Kletnieks (Mar 22)
- Re: Internet SSH scans Adriano Carvalho (Mar 22)
- RE: Internet SSH scans Adriano Carvalho (Mar 21)
- RE: Internet SSH scans William Tarkington (Mar 03)
- Re: Internet SSH scans ilaiy (Mar 03)
- Re: Internet SSH scans Stephen J. Smoogen (Mar 03)
- RE: RE: Internet SSH scans Teodorski, Chris (Mar 03)
- Re: Re: Internet SSH scans notonyour (Mar 04)
- Re: RE: Internet SSH scans Michael . Lang (Mar 23)
- Re: Internet SSH scans Valdis . Kletnieks (Mar 23)