[K12OSN] Help - possible hacking of our NFS/NIS LTSP server

[Rob Owens]

--- Shane Stafford <staffords at glenburn.net> wrote:

> So was the script kiddie attacking trying ssh logins
> into other machines? 
> I think I saw your earlier post and thought it was
> doing other things.
> You speaking of a successful login via ssh into a
> trivial account?
> 
> We do use some pretty trivial accounts for the K and
> 1 kids.
> 
> thanks


Do you mean that you have ssh access enabled for even
your K and 1st grade kids?  If so, you should disable
that.  Here are a couple of things I recommend putting
in your sshd_config file for safer ssh: 

1)  use the "AllowUsers" or "AllowGroups" rule to
allow ssh only for those who really need it.

2)  disable password authentication in favor of public
key authentication.  PasswordAuthentication no

3)  PermitEmptyPasswords no  -- this is probably a
default setting

4)  PermitRootLogin no  -- again, probably already a
default setting

5)  set a low LoginGraceTime.  If it's set at say, 30
seconds, and a correct password hasn't been guessed in
that amount of time, the would-be hacker has to
re-initiate the connection.  This might not be too
effective against scripts.

6)  set a low MaxAuthTries, for the same reasons as in
#5.

7)  set a low MaxStartups.  This is the total # of
login attempts that can be happenning simultaneously.

8)  PermitEmptyPasswords no  -- probably a default
setting.

Can anybody tell me if I've missed something?

-Rob



		
__________________________________ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/