Heads up: Brute force attacks on the rise recently
Tom Horsley
tom.horsley at att.net
Thu Oct 29 15:59:59 UTC 2009
On Thu, 29 Oct 2009 09:59:27 -0400
rgheck wrote:
> On 10/28/2009 07:44 PM, Tom Horsley wrote:
> > On Wed, 28 Oct 2009 18:03:29 -0500
> > Michael Cronenworth wrote:
> >
> >
> >> -Make sure your root password is not a dictionary word.
> >>
> > Better yet, make sure you only allow public key login from
> > outside the trusted local network. I've been setting up my
> > sshd that way for a long time now.
> >
> >
> Can you show how to do this? I only know how to make the choice globally.
>
> rh
>
>
I globally disable various things in the main /etc/ssh/sshd_config
file, then I use a "Match" directive at the bottom, which for me
looks like:
Match Address 127.0.0.1,192.168.1.*
Banner /etc/nohamster.txt
GSSApiAuthentication yes
KerberosAuthentication no
PasswordAuthentication yes
KbdInteractiveAuthentication no
RhostsRSAAuthentication no
RSAAuthentication no
That overries the global settings for requests originating
from the matched IP addrs.
More information about the fedora-list
mailing list