[K12OSN] Help: System intrusion through ssh and a weak password
Sam Snow
snowsam at laurel-point.net
Sat May 5 21:12:28 UTC 2007
k12osn-request at redhat.com wrote:
> Message: 1
> Date: Sat, 5 May 2007 12:10:03 +0200
> From: Nils Breunese <nils at breun.nl>
> Subject: Re: [K12OSN] Help: System intrusion through ssh and a weak
> password
> To: "Support list for open source software in schools."
> <k12osn at redhat.com>
> Message-ID: <F470FC43-A45D-4E16-8F4F-72DE5F9C2385 at breun.nl>
> Content-Type: text/plain; charset="us-ascii"
>
> Op 5-mei-2007, om 8:53 heeft Nadav Kavalerchik het volgende geschreven:
>
>
>> we're using freenx through ssh to remote control all the school
>> that are installed with ltsp
>>
>> what we did is moved the ssh port somewhere high in the port list,
>> it solved all the "scanning" and trying to "break in" log entries
>> that we used to see in the log file :-)
>>
>> (i wonder how long it will last)
>>
>
> I like to setup SSH keys, disable PasswordAuthentication and install
> something like Fail2Ban or DenyHosts. That should keep them out and
> keep your logs from growing like mad.
>
> Nils Breunese.
>
>
I use also use fail2ban (http://sourceforge.net/projects/fail2ban ),
which scans the system logs and when someone gets a password wrong X
number of times in Y time period, their IP address is blocked for Z
ammount of time. I use it on a debian machine, and there is a package,
but it can be used on other flavors of Linux as well.
Sam
http://www.onlinegrades.org/ - Free software for securely posting
student grades online
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20070505/fa0c1634/attachment.htm>
More information about the K12OSN
mailing list