[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: More SSH 'trolling'



On Thu, Oct 14, 2004 at 10:18:13AM -0600, Rodolfo J. Paiz wrote:
> On Thu, 2004-10-14 at 17:06 +0200, Alexander Dalloz wrote:
> > You don't need to modify the SSH PAM module to restrict SSH connects for
> > specific accounts. That has been said before in this thread -> man
> > sshd_config --> AllowUsers + AllowGroups
> > 
> 
> Also remember to disable SSH protocol version 1, which is inherently
> insecure. Your /etc/ssh/sshd_config file probably has "Protocol 2,1" in
> it somewhere. Simply change that line to say "Protocol 2".

Some folks with longish memories will recall that ssh had a bug 
some time back.  That bug made rsh more secure than ssh.

It is important to know how to turn on an alternative and test it in
advance (test then disable).  During the time it takes to distribute
a bug fix something different an alternative might be needed.

Also -- no one mentioned BACKUPS....

Also consider the chicken and egg risk of reinstalling software on a
system that has been rootkited.  The flaw might be in the base
distribution.  If you reinstall the base system from scratch you need
to patch it prior to exposing it on the net. However, you might need
to put that same box on the net to download the necessary fix.  If the
bug is in an unneeded service you can update without exposure to the
old risk by not enabling it.  But we do not know what we do not know.


-- 
	T o m  M i t c h e l l 
	May your cup runneth over with goodness and mercy
	and may your buffers never overflow.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]