is this an intruder?
Stephen Carville
stephen at totalflood.com
Sat Jan 7 14:40:26 UTC 2006
Marty Landman wrote:
> Not sure if I'm reading this right as this is new to me but it appears
> someone in Denmark spent about 10 minutes trying a variety of userid's
> to start an ssh session on my network gateway.
Yep! If you do not need ssh, your best defense is to disable it.
Otherwise.
Turn off root login and designate a group for oter ssh logins. At home
I just use "wheel."
in /etc/ssh/sshd_config
PermitRootLogin no
AllowGroups wheel
Restart sshd
Put you and anyone else who must have ssh access in the group wheel.
Make sure they have good passwords.
Other possible changes are to only allow ssh protocol 2 and to change
the external port. Check 'Protocol", "Port" and ListenAddress" in man
sshd_config.
--
Stephen Carville <stephen at totalflood.com>
Unix and Network Admin
Nationwide Totalflood
6033 W. Century Blvd
Los Angeles, CA 90045
310-342-3602
More information about the redhat-list
mailing list