RE: [sec] Re: failed root login attempts
Personaly, I prefere:
"AllowGroups ssh"
so that i have to give a user explicit ssh access by adding him/her to the ssh group.
Offcourse, root is not in this group :p
-----Original Message-----
From: Rolf Kutz [mailto:kutz@netcologne.de]
Sent: woensdag 29 september 2004 23:48
To: debian-security@lists.debian.org
Cc: Noah Meyerhans
Subject: Re: [sec] Re: failed root login attempts
* Quoting Phillip Hofmeister (plhofmei@antiochcomputerconsulting.com):
> On Tue, 28 Sep 2004 at 09:18:51PM -0400, Noah Meyerhans wrote:
> > That doesn't seem to be the case. The most common one uses
> > root/test/guest, but there are more that seem to be based on the same
> > code. They all disconnect by sending the string "Bye Bye", e.g.:
> > sshd[13613]: Received disconnect from 64.246.26.19: 11: Bye Bye
> >
> > I've seen many more aggressive root login attempts, as well as 'admin'
> > and a number of other users.
> >
> > The somewhat unsetting thing that I'm wondering about is whether these
> > machines are all sharing some big central password dictionary and are
> > logging their attempted passwords to some central database. It ends up
> > being some massive distributed dictionary attack, which I doubt is going
> > to work on my systems, but I'm 100% sure that there are systems out
> > there with weak root passwords.
>
> Best practices suggest:
>
> PermitRootLogin no
Why not:
PasswordAuthentication no
UsePAM no
- Rolf
--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: