is this an intruder?
Michael D. Berger
m.d.berger at ieee.org
Sat Jan 7 20:58:22 UTC 2006
What about protocol 2 RSA PubkeyAuthentication? Doesn't this
provide enough protection so that the selection of users and
groups is not important?
Mike.
--
Michael D. Berger
m.d.berger at ieee.org
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Bliss, Aaron
> Sent: Saturday, January 07, 2006 2:25 PM
> To: 'Stephen Carville'; General Red Hat Linux discussion list
> Subject: RE: is this an intruder?
>
>
> I would be careful of using the wheel group to allow ssh logins, as admins
> typically use this group in sudoers file to grant root access for non-root
> users; granting the wheel group ssh logins as well as root access is
> essentially allowing root access over ssh anyway; although an outside
> attacker would at least have to guess the non-root user's id and password.
>
> -----Original Message-----
> From: Stephen Carville [mailto:stephen at totalflood.com]
> Sent: Saturday, January 07, 2006 9:40 AM
> To: General Red Hat Linux discussion list
> Subject: Re: is this an intruder?
>
> Marty Landman wrote:
>
> > Not sure if I'm reading this right as this is new to me but it appears
> > someone in Denmark spent about 10 minutes trying a variety of userids
> > to start an ssh session on my network gateway.
>
> Yep! If you do not need ssh, your best defense is to disable it.
>
> Otherwise.
>
> Turn off root login and designate a group for other ssh logins. At home
> I just use "wheel."
>
> in /etc/ssh/sshd_config
>
> PermitRootLogin no
> AllowGroups wheel
>
> Restart sshd
>
> Put you and anyone else who must have ssh access in the group wheel.
> Make sure they have good passwords.
>
> Other possible changes are to only allow ssh protocol 2 and to change
> the external port. Check "Protocol", "Port" and "ListenAddress" in man
> sshd_config.
>
> --
> Stephen Carville <stephen at totalflood.com>
> Unix and Network Admin
> Nationwide Totalflood
> 6033 W. Century Blvd
> Los Angeles, CA 90045
> 310-342-3602
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
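As an added example (not part of the thread and not any poster's code), the following Python check reads an sshd_config and a sudoers file and flags the overlap discussed above: a group named in AllowGroups that also has a sudoers rule, and whether password logins are still enabled for it. The sample file contents are constructed, the function names are hypothetical, and it assumes exact group names (no AllowGroups patterns) and ignores Match blocks.

```python
import re

# Constructed sample files for illustration; not taken from any poster's system.
SSHD_CONFIG = """\
Protocol 2
PermitRootLogin no
AllowGroups wheel
PasswordAuthentication yes
"""
SUDOERS = """\
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
"""

def parse_sshd(text):
    """Map lowercased keyword -> argument list for the global section."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = re.split(r"[\s=]+", line)
        key = key.lower()
        if key == "match":            # assumption: Match blocks are out of scope
            break
        if key == "allowgroups":      # repeated AllowGroups lines accumulate
            opts.setdefault(key, []).extend(args)
        else:                         # other keywords: first value wins
            opts.setdefault(key, args)
    return opts

def sudo_groups(text):
    """Group names that have any %group rule in sudoers."""
    return set(re.findall(r"^%([\w.-]+)\s", text, flags=re.M))

def audit(sshd_text, sudoers_text):
    opts = parse_sshd(sshd_text)
    first = lambda k, default: (opts.get(k) or [default])[0].lower()
    findings = []
    if first("permitrootlogin", "unset") != "no":
        findings.append("root-login-not-disabled")
    overlap = set(opts.get("allowgroups", [])) & sudo_groups(sudoers_text)
    if overlap:
        findings.append("ssh-groups-with-sudo:" + ",".join(sorted(overlap)))
        # Enabling PubkeyAuthentication does not switch passwords off by itself.
        if first("passwordauthentication", "yes") != "no":
            findings.append("password-login-for-sudo-groups")
    return findings

if __name__ == "__main__":
    print(audit(SSHD_CONFIG, SUDOERS))
```

A dedicated, non-sudo login group combined with `PasswordAuthentication no` produces an empty findings list.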