nanog mailing list archives

Re: de-peering for security sake


From: Mike Hammett <nanog () ics-il net>
Date: Sat, 26 Dec 2015 16:42:53 -0600 (CST)

Different network types will have different abilities to enforce this. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



Midwest Internet Exchange 
http://www.midwest-ix.com 


----- Original Message -----

From: "Jared Mauch" <jared () puck nether net> 
To: "Joe Abley" <jabley () hopcount ca> 
Cc: nanog () nanog org 
Sent: Saturday, December 26, 2015 3:21:03 PM 
Subject: Re: de-peering for security sake 


On Dec 26, 2015, at 11:14 AM, Joe Abley <jabley () hopcount ca> wrote: 

With respect to ssh scans in particular -- disable all forms of 
password authentication and insist upon public key authentication 
instead. If the password scan log lines still upset you, stop logging 
them. 

Or if you can’t get users to use keys (aside from removing the users), consider things like:

example /etc/ssh/sshd_config 
Match User root
    PasswordAuthentication no

for users that should not be permitted to fall-back to password authentication. 

- Jared 
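
An added example, not part of the thread: a small Python audit that models how a `Match User` block like the one above overrides the global `PasswordAuthentication` value, and lists which accounts can still fall back to passwords. The sample config, the account names and the function names are constructed for illustration, and only `Match User` criteria are modelled.

```python
import fnmatch

# Constructed sample config (not from the thread): passwords allowed globally,
# denied for root, for hypothetical "deploy-*" accounts, and for alice.
SAMPLE_CONFIG = """\
PasswordAuthentication yes
Match User root,deploy-*
    PasswordAuthentication no
Match User alice
    PasswordAuthentication no
"""

def user_matches(pattern_list, user):
    """sshd pattern list: comma-separated globs; a matching '!' entry vetoes."""
    hit = False
    for pat in pattern_list.split(","):
        negated = pat.startswith("!")
        if fnmatch.fnmatchcase(user, pat[1:] if negated else pat):
            if negated:
                return False
            hit = True
    return hit

def password_auth_allowed(config_text, user):
    """Model the lookup for one keyword: the first value set in a matching
    Match block overrides the global value; the OpenSSH default is 'yes'."""
    global_val = match_val = None
    in_match = active = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        key = words[0].lower()
        if key == "match":
            in_match = True
            # Assumption of this model: criteria other than "User" never match.
            active = (len(words) == 3 and words[1].lower() == "user"
                      and user_matches(words[2], user))
        elif key == "passwordauthentication" and len(words) > 1:
            if not in_match and global_val is None:
                global_val = words[1].lower()
            elif in_match and active and match_val is None:
                match_val = words[1].lower()
    return (match_val or global_val or "yes") == "yes"

def password_users(config_text, users):
    """Accounts from `users` that may still authenticate with a password."""
    return [u for u in users if password_auth_allowed(config_text, u)]
```

On a live host, `sshd -T -C user=NAME` prints the effective settings sshd itself would apply to that user and is the authoritative check.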



