[Fedora] hack attempt on my server...What do you do about this?
James Wilkinson
james at westexe.demon.co.uk
Tue Jul 20 16:31:46 UTC 2004
Lew Bloch wrote:
> One thing the original poster seems to have discovered:
>
> >Jul 17 14:42:27 localhost sshd[6748]:
> >Illegal user guest from 130.120.81.14
> >Jul 17 14:42:30 localhost sshd[6748]:
> >Failed password for illegal user guest
> >from 130.120.81.14 port 48753 ssh2
>
> is that Linux security is fairly strong against such attacks, provided
> of course you don't have a hackable "test" or "guest" username.
I've had similar lines in "my" AIX server at work. There, the attacks
got caught first by the AllowGroups line in the sshd_config file.
(I have a ssh-user group containing only those users who need to log
in.)
Notably, even "root" got caught by the AllowGroups setting, even though
I have PermitRootLogin no
If you want an extra level of security (so you don't have to worry about
weak passwords if you do have a test account), you might want to look
into the AllowGroups setting.
For various obscure reasons (not security), my Fedora sshd runs on a
non-standard port. Relying on "security through obscurity" is not a good
idea (someone will discover the obscurity), but it does cut down the
number of opportunistic cracking attempts!
James.
--
E-mail address: james@ | I learnt the rules of rugby. There is only one rule.
westexe.demon.co.uk | "Skip it by any means necessary".
More information about the fedora-list
mailing list