is this an intruder?

Malcolm Kay malcolm.kay at internode.on.net
Sun Jan 8 16:08:16 UTC 2006


On Sun, 8 Jan 2006 05:55 am, Bliss, Aaron wrote:
> I would be careful of using the wheel group to allow ssh
> logins, as admins typically use this group in the sudoers file to
> grant root access for non-root users; granting the wheel group
> ssh logins as well as root access is essentially allowing root
> access over ssh anyway; although an outside attacker would at
> least have to guess the non-root user's id and password.
>
> -----Original Message-----
> From: Stephen Carville [mailto:stephen at totalflood.com]
> Sent: Saturday, January 07, 2006 9:40 AM
> To: General Red Hat Linux discussion list
> Subject: Re: is this an intruder?
>
> Marty Landman wrote:
> > Not sure if I'm reading this right as this is new to me but
> > it appears someone in Denmark spent about 10 minutes trying
> > a variety of userids to start an ssh session on my network
> > gateway.
>
> Yep!  If you do not need ssh, your best defense is to disable
> it.
>
> Otherwise.
>
> Turn off root login and designate a group for other ssh logins.
>  At home I just use "wheel."
>

This sounds dangerous -- wheel is normally an alternative to the
root group introduced for compatibility with some forms of BSD 
where it is the base privileged group.

Malcolm Kay

> in /etc/ssh/sshd_config
>
> PermitRootLogin  no
> AllowGroups      wheel
>
> Restart sshd
>
> Put you and anyone else who must have ssh access in the group
> wheel. Make sure they have good passwords.
>
> Other possible changes are to only allow ssh protocol 2 and to
> change the external port.  Check "Protocol", "Port" and
> "ListenAddress" in man sshd_config.
>
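
A check for the overlap discussed in this thread, added here as an example and not part of any poster's message: it flags groups that appear in `AllowGroups` in sshd_config and also have a rule in sudoers. The function names and both sample files are constructed for illustration, and `AllowGroups` entries are treated as literal group names rather than patterns.

```python
import re

# Constructed sample inputs (not from any real host).
SSHD_CONFIG = """\
PermitRootLogin  no
AllowGroups      wheel
"""
SUDOERS = """\
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
%backup ALL=(root) NOPASSWD: /usr/bin/rsync
"""

def parse_sshd_config(text):
    """Global-section PermitRootLogin and AllowGroups (stops at first Match)."""
    permit_root, groups = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        if key == "permitrootlogin" and permit_root is None:
            permit_root = value.lower()  # first occurrence wins
        elif key == "allowgroups":
            groups.extend(value.split())  # repeated lines accumulate
    return permit_root, groups

def sudo_groups(text):
    """%group names with a sudoers rule (no aliases, includes or %#gid)."""
    return {m.group(1) for m in
            re.finditer(r"^\s*%([A-Za-z_][\w.-]*)\s", text, re.MULTILINE)}

def audit(sshd_text, sudoers_text):
    """Findings for the login-group / sudo-group overlap raised in the thread."""
    permit_root, allowed = parse_sshd_config(sshd_text)
    findings = []
    if permit_root != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    for g in sorted(set(allowed) & sudo_groups(sudoers_text)):
        findings.append(f"group '{g}' is in AllowGroups and has a sudoers rule")
    return findings

if __name__ == "__main__":
    for finding in audit(SSHD_CONFIG, SUDOERS):
        print(finding)
```

Using a dedicated login group that has no sudoers rule in `AllowGroups` clears the overlap finding.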



