| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.GSO.4.43.0410180638300.27276-100000@tundra.winternet.com> From: dufresne at winternet.com (Ron DuFresne) Subject: Re: Any update on SSH brute force attempts? On Mon, 18 Oct 2004, Dave Ewart wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Friday, 15.10.2004 at 17:53 -0400, Jay Libove wrote: > > > What are you doing/changing about your SSH configurations to reduce > > the possibility of these attacks finding any kind of hole in the > > OpenSSH software (that's what I run, so that's the only version I'm > > particularly concerned about) ? Are you doing anything at all? > > Attacks on my system seemed to be restricted to root, so I set the > 'PermitRootLogin without-password' option, so that no root logins using > a password were possible - must be RSA key. I also switched to > non-standard port. > Why not just disallow root logins directly, and force someone with a valid user account to su after getting a shell? It was my impression that was more standard, and if one has to allow remote root directly, at least restrict it to specific systems and users. All the places I have worked for forced the su after shell to root.. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists