You can always set up ssh to use host keys. Here are two howto's on what
else? How to set them up.
http://www.securityfocus.com/infocus/1806 Part 1
http://www.securityfocus.com/infocus/1810 Part 2
Dan.
Steven Critchfield wrote:
On Thu, 2005-02-10 at 09:08 -0700, Colin Anderson wrote:
The hack came in through ssh.
IMO, your best defence is an extremely strong root password; I am often
mortified by looking at my logs and seeing all of the login attempts through
SSH.
OT: I am not up on Linux script-kiddie type tools, but I assume that there
is a script of some sort that automates SSH probes. Can anyone suggest a
good counter i.e. honeypot or throttling logon attempts. Yes, I know I can
google it, but I'd rather hear the opinion of real Linux experts rather than
the "experts" at About.com.
First, turn off root access from ssh. That is the first problem. Root
should never be allowed to login except on console.
Second, become familiar with su or sudo.
Once you learn to login as your user and use su to become root, you
learn that you have about three times as long of a root password. The
first portion being a valid username, the second portion being a
password for that username, and the third portion is either a root
password or a valid local root exploit code.
Recently the topic of brute force ssh attacks came up on our linux users
group mailing list. The best option we had suggested was to do the
above, then move ssh to a non standard port. Most scripts that are going
to attack you are not going to consider the possibility that you are on
a non standard port. Either you answer where they expect or they move
on.
_______________________________________________
Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
