is this an intruder?

Northrup, Wilson wilson_northrup at merck.com
Sun Jan 8 23:26:55 UTC 2006


Generally when I get these, I take the logs and share them with the
offender's ISP. I don't always have great results, but sometimes I do.

Also, when possible, I move the port that ssh listens on, and disallow
logins from all but known networks.  Obviously, that is not possible for
everyone.


wilson


-----Original Message-----
From: redhat-list-bounces at redhat.com
To: General Red Hat Linux discussion list
Sent: Sat Jan 07 09:40:26 2006
Subject: Re: is this an intruder?

Marty Landman wrote:

> Not sure if I'm reading this right as this is new to me but it appears
> someone in Denmark spent about 10 minutes trying a variety of userids
> to start an ssh session on my network gateway.

Yep!  If you do not need ssh, your best defense is to disable it.

Otherwise.

Turn off root login and designate a group for other ssh logins.  At home
I just use "wheel."

in /etc/ssh/sshd_config

PermitRootLogin  no
AllowGroups      wheel

Restart sshd

Put yourself and anyone else who must have ssh access in the group wheel.
Make sure they have good passwords.

Other possible changes are to only allow ssh protocol 2 and to change
the external port.  Check "Protocol", "Port" and "ListenAddress" in man
sshd_config.

-- 
Stephen Carville <stephen at totalflood.com>
Unix and Network Admin
Nationwide Totalflood
6033 W. Century Blvd
Los Angeles, CA 90045
310-342-3602
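
Added example (not part of the original messages): a small Python check of an sshd_config against the settings recommended in the reply above. Both sample configs are constructed, the function names are hypothetical, and it assumes an unset Protocol means protocol 2 only, as in current OpenSSH releases.

```python
import re

# Constructed samples, not taken from the thread.
SAMPLE_WEAK = """\
Port 22
Protocol 2,1
PermitRootLogin yes
"""
SAMPLE_HARDENED = """\
# a later duplicate is ignored: sshd keeps the first value it reads
Port 2222
Protocol 2
PermitRootLogin no
AllowGroups wheel
PermitRootLogin yes
"""

def parse_global(text):
    """Return {lowercased keyword: [values]} for the global section."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # settings after Match are conditional
            break
        opts.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def audit(text):
    """Check the settings named in the thread; return a list of findings."""
    opts = parse_global(text)
    first = lambda k, default: opts.get(k, [default])[0].lower()
    findings = []
    if first("permitrootlogin", "unset") != "no":
        findings.append("PermitRootLogin is not 'no'")
    if "allowgroups" not in opts:
        findings.append("AllowGroups is not set")
    # Assumption: unset Protocol is treated as protocol 2 only.
    if "1" in re.split(r"[\s,]+", first("protocol", "2")):
        findings.append("Protocol allows SSH-1")
    if "22" in opts.get("port", ["22"]):
        findings.append("sshd listens on the default port 22")
    return findings
```

Calling audit() on the text of /etc/ssh/sshd_config returns an empty list when all four settings match the advice in the reply.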







