how to react on ssh attacks?

Joel Jaeggli joelja at darkwing.uoregon.edu
Tue Oct 25 17:08:00 UTC 2005


On Tue, 25 Oct 2005, Michael A. Peters wrote:

> On Mon, 2005-10-24 at 20:53 -0700, Joel Jaeggli wrote:
>> On Tue, 25 Oct 2005, Danny Terweij - Net Tuning | Net wrote:
>>
>>> From: "Michael A. Peters" <mpeters at mac.com>
>>>
>>>>> As you have already realized, it is generally not safe to allow ssh
>>>>> access for root.  In fact, Fedora by default does not allow root to have
>>>>> ssh access.
>>
>> Ask yourself why it is not safe to ssh to root?
>
> It's a known user ID on a system, and an incredibly powerful one.
> No one will have root access that doesn't have a regular user account as
> well, therefore, forcing remote root users to first log in as their
> regular user and then su to root prevents a known username that happens
> to be all powerful from being brute-forced.

no-one is brute-forcing my ssh dsa private key. by that measure alone, 
allowing ssh isn't unsafe at all. if you want to require it for root, set:

  PermitRootLogin without-password

no password attacks against root will ever work again.

> Furthermore, if you ssh in as root - there is no accountability.

Sure there is. That depends on what logging you choose to do and where.

We do process accounting, and centralized syslogging so our syslog hosts 
have a pretty good audit-trail for what goes on on our hosts.

> If you ssh in as a user and then su to root, that action is recorded in
> the log files - and you know who logged into root and when.

And you log which key was used to know as well. If

>

-- 
--------------------------------------------------------------------------
Joel Jaeggli  	       Unix Consulting 	       joelja at darkwing.uoregon.edu
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
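
Added example, not part of the original message: one way to get the accountability discussed above when root logs in by key, by matching the key fingerprint in each accepted root login against the comment field of root's authorized_keys entries, and flagging any non-key root login, which `PermitRootLogin without-password` should make impossible. It assumes the "Accepted publickey ... ssh2: <type> SHA256:<fingerprint>" line format that current OpenSSH writes; the key blobs, addresses, host name and log lines are constructed sample data.

```python
import base64, hashlib, re

def fingerprint(b64_blob):
    """SHA256 fingerprint, as OpenSSH prints it, of a base64 key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_owners(authorized_keys_text):
    """Map fingerprint -> comment field for each authorized_keys entry."""
    owners = {}
    for line in authorized_keys_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field.startswith(("ssh-", "ecdsa-")):  # key type; options may precede
                owners[fingerprint(fields[i + 1])] = " ".join(fields[i + 2:]) or "(no comment)"
                break
    return owners

ACCEPTED = re.compile(
    r"Accepted (\S+) for root from (\S+) port \d+ ssh2(?:: \S+ (SHA256:\S+))?")

def audit_root_logins(log_text, owners):
    """Return (source, method, attribution) for every accepted root login."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue
        method, source, fp = m.groups()
        if method == "publickey":
            who = owners.get(fp, "UNKNOWN KEY")
        else:  # must not happen under PermitRootLogin without-password
            who = "POLICY VIOLATION"
        findings.append((source, method, who))
    return findings

# Constructed sample data: fake key blobs and documentation addresses.
BLOB_A = base64.b64encode(b"constructed blob: admin one").decode()
BLOB_X = base64.b64encode(b"constructed blob: not enrolled").decode()
AUTHORIZED_KEYS = f"# root's keys\nssh-ed25519 {BLOB_A} admin1@example\n"
LOG = "\n".join([
    f"Oct 25 10:00:01 h sshd[101]: Accepted publickey for root from 192.0.2.10 port 50001 ssh2: ED25519 {fingerprint(BLOB_A)}",
    f"Oct 25 10:05:09 h sshd[102]: Accepted publickey for root from 203.0.113.5 port 50002 ssh2: ED25519 {fingerprint(BLOB_X)}",
    "Oct 25 10:07:30 h sshd[103]: Accepted password for root from 198.51.100.7 port 50003 ssh2",
    "Oct 25 10:09:00 h sshd[104]: Accepted publickey for joel from 192.0.2.11 port 50004 ssh2: ED25519 SHA256:constructed",
])

if __name__ == "__main__":
    for finding in audit_root_logins(LOG, load_owners(AUTHORIZED_KEYS)):
        print(finding)
```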
