
Re: OT: Security....



I do see more brute force attempts @ ssh these days and start wondering
how much longer some script kiddie needs to make the algorithm a bit more
clever (and eg attack user names on certain hosts which are likely to
exist. This could be harvested eg from email addresses...).

I have hacked a script which tails /var/log/secure and reacts on attempts
to log in as root with password. Such offending IPs are then denied port
22 access. Any comments, positive or negative, on this?

IMO:


Don't use port 22.  Choose a 'random' high port.  If that won't work
for you, e.g. you need access to your machine from behind a customer's
firewall that blocks most outgoing ports, use some other port that
they do allow and is not commonly scanned.

Disable password authentication and use RSA, unless you really need to
access your Fedora from a system not known in advance.  Think twice
about that; the system could have a keystroke logger, etc.

If you only need SSH access from specific locations, allow only
specific IPs (or if dynamic, small IP ranges) to connect.

Of course, promptly install any security patches for SSH.

I see no problem with your automatic blocking, as long as a
valid user will not accidentally trigger it.  For example, if
you normally log in as root using RSA, and RSA authentication
fails because of a transient technical problem, then the client
might default to password authentication and trigger your
block.  That should not be a problem, if the account you connect
to is not named 'root'.

--Stewart
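
An added illustration, not part of the original message and not the poster's script: a sketch of the log-watching approach discussed above that takes up the reply's caveat by exempting known admin addresses and requiring several failures before an address is blocked. The allowlist range, the threshold and the log lines are constructed assumptions; the function only returns the addresses to block and leaves the firewall change to the caller.

```python
import ipaddress
import re
from collections import Counter

# Rejected password login as root, as sshd writes it to /var/log/secure.
# Anchored to the whole line so text inside a user name cannot pose as a match.
FAILED_ROOT = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: "
    r"Failed password for root from (\S+) port \d+ ssh2$")

# Assumed values: sources that must never be blocked, and failures tolerated.
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/28")]
THRESHOLD = 3

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
Mar  3 04:11:02 host sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 04:11:05 host sshd[2213]: Failed password for root from 203.0.113.7 port 40118 ssh2
Mar  3 04:11:09 host sshd[2215]: Failed password for root from 203.0.113.7 port 40125 ssh2
Mar  3 04:12:40 host sshd[2230]: Failed password for invalid user test from 192.0.2.44 port 51000 ssh2
Mar  3 04:13:01 host sshd[2241]: Failed password for root from 192.0.2.44 port 51007 ssh2
Mar  3 09:02:17 host sshd[3010]: Failed password for root from 198.51.100.4 port 60222 ssh2
Mar  3 09:02:21 host sshd[3010]: Failed password for root from 198.51.100.4 port 60222 ssh2
Mar  3 09:02:26 host sshd[3010]: Failed password for root from 198.51.100.4 port 60222 ssh2
Mar  3 09:03:02 host sshd[3015]: Accepted publickey for root from 198.51.100.4 port 60230 ssh2
""".splitlines()


def offenders(lines, allowlist=ALLOWLIST, threshold=THRESHOLD):
    """Return the sorted source addresses that reached the failure threshold."""
    counts = Counter()
    for line in lines:
        match = FAILED_ROOT.match(line.rstrip())
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # source is not an IP literal; nothing safe to block
        if any(addr in net for net in allowlist):
            continue  # admin location: a fallback to password must not lock it out
        counts[addr] += 1
    return sorted(str(a) for a, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))  # ['203.0.113.7']
```
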

