Security Incidents mailing list archives

Re: RE: Internet SSH scans

From: Michael.Lang () jackal-net at
Date: 23 Mar 2006 09:01:08 -0000

*urgh* thats why things go terribly wrong. 

Security by obscurity isn't save, wasnt and will never be, if you just dont want the LogEntrys, exclude it from your 
Syslog.

if you want to secure your SSH Service, try following steps:

 - if possible, use a seperate LAN (MGMT) and bind 
    your Service to this LAN only.
    if theres no physical seperated LAN, build a 
    virtual seperated LAN (IPSec, ...)
 - disable the weakest Authentication (Password)
 - enforce your Authentication (RSA Keys) by 
    limiting the usage (man sshd, look for from=)
 - enforce better policy in SSHD config, limit 
    retrys, ... for my understanding it doesnt 
    make sence to lockout root. there are enought 
    exploits to gain root access anyway.
 - if you still want to limit the IP/TCP access to  
    SSH Service, do it on your Router infront of 
    the Machine.

there are no 15 bricks to stumble over  for allowed access, its transparent for upgrades, and its even more secure as 
theres no forgotten dependency.

my 5 cents
Greetz mIke

Current thread:

Re: RE: Internet SSH scans, (continued)
- Re: RE: Internet SSH scans joakim . berge (Mar 03)
- Re: Re: RE: Internet SSH scans mrbits (Mar 03)
  - RE: Internet SSH scans Adriano Carvalho (Mar 21)
    - Re: Internet SSH scans Valdis . Kletnieks (Mar 22)
    - Re: Internet SSH scans Adriano Carvalho (Mar 22)
- RE: Internet SSH scans William Tarkington (Mar 03)
  - Re: Internet SSH scans ilaiy (Mar 03)
  - Re: Internet SSH scans Stephen J. Smoogen (Mar 03)
- RE: RE: Internet SSH scans Teodorski, Chris (Mar 03)
- Re: Re: Internet SSH scans notonyour (Mar 04)
- Re: RE: Internet SSH scans Michael . Lang (Mar 23)
  - Re: Internet SSH scans Valdis . Kletnieks (Mar 23)