is this an intruder?

Michael D. Berger m.d.berger at ieee.org
Sat Jan 7 20:58:22 UTC 2006


What about protocol 2 RSA PubkeyAuthentication?  Doesn't this
provide enough protection so that the selection of users and
groups is not important?
Mike.

--
Michael D. Berger
m.d.berger at ieee.org 

> -----Original Message-----
> From: redhat-list-bounces at redhat.com 
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Bliss, Aaron
> Sent: Saturday, January 07, 2006 2:25 PM
> To: 'Stephen Carville'; General Red Hat Linux discussion list
> Subject: RE: is this an intruder?
> 
> 
> I would be careful of using the wheel group to allow ssh logins, as admins
> typically use this group in sudoers file to grant root access for non-root
> users; granting the wheel group ssh logins as well as root access is
> essentially allowing root access over ssh anyway; although an outside
> attacker would at least have to guess the non-root user's id and password.
> 
> -----Original Message-----
> From: Stephen Carville [mailto:stephen at totalflood.com] 
> Sent: Saturday, January 07, 2006 9:40 AM
> To: General Red Hat Linux discussion list
> Subject: Re: is this an intruder?
> 
> Marty Landman wrote:
> 
> > Not sure if I'm reading this right as this is new to me but it appears
> > someone in Denmark spent about 10 minutes trying a variety of userid's
> > to start an ssh session on my network gateway.
> 
> Yep!  If you do not need ssh, your best defense is to disable it.
> 
> Otherwise.
> 
> Turn off root login and designate a group for other ssh logins.  At home
> I just use "wheel."
> 
> in /etc/ssh/sshd_config
> 
> PermitRootLogin  no
> AllowGroups      wheel
> 
> Restart sshd
> 
> Put you and anyone else who must have ssh access in the group wheel. 
> Make sure they have good passwords.
> 
> Other possible changes are to only allow ssh protocol 2 and to change
> the external port.  Check "Protocol", "Port" and "ListenAddress" in man
> sshd_config.
> 
> -- 
> Stephen Carville <stephen at totalflood.com>
> Unix and Network Admin
> Nationwide Totalflood
> 6033 W. Century Blvd
> Los Angeles, CA 90045
> 310-342-3602
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 
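Added example, not part of the thread: a small audit of the settings discussed above (PermitRootLogin, AllowGroups, the wheel/sudoers overlap, and whether password logins remain enabled next to public keys). The function names and the sample sshd_config and sudoers text are constructed for illustration; Match blocks, Include files and wildcard group patterns are not handled.

```python
import re

# Constructed sample inputs for illustration; not taken from any real host.
SSHD_CONFIG = """\
Protocol 2
PermitRootLogin no
AllowGroups wheel
PubkeyAuthentication yes
"""
SUDOERS = """\
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
"""

def parse_sshd(text):
    """Global sshd_config options as {keyword: [args]}; stops at the first Match."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line)
        key, args = parts[0].lower(), parts[1:]   # keywords are case-insensitive
        if key == "match":
            break
        if key == "allowgroups":
            opts.setdefault(key, []).extend(args)  # assumption: audit the union
        else:
            opts.setdefault(key, args)             # first obtained value is used
    return opts

def first(opts, key, default):
    return (opts.get(key) or [default])[0].lower()

def sudo_groups(text):
    """Group names that have a %group rule in the sudoers text."""
    return {m.group(1) for m in re.finditer(r"^%(\S+)\s", text, re.M)}

def audit(sshd_text, sudoers_text):
    opts, findings = parse_sshd(sshd_text), []
    if first(opts, "permitrootlogin", "") != "no":
        findings.append("PermitRootLogin is not 'no'")
    allowed = set(opts.get("allowgroups", []))
    if not allowed:
        findings.append("no AllowGroups restriction")
    for g in sorted(allowed & sudo_groups(sudoers_text)):
        findings.append(f"group '{g}' may log in over ssh and has a sudoers rule")
    # PasswordAuthentication defaults to yes in OpenSSH when it is not set.
    if first(opts, "passwordauthentication", "yes") != "no":
        findings.append("password logins still accepted alongside keys")
    return findings
```

Calling `audit(SSHD_CONFIG, SUDOERS)` on the sample reports the wheel overlap and the still-enabled password logins; on a real host, pass in the contents of /etc/ssh/sshd_config and /etc/sudoers.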




