
Re: Darn skiddies (ssh login attempts)




On Thu, 31 Mar 2005, Brad Sims wrote:

> `less /var/log/auth.log|grep Failed|wc -l` shows 185 attempts to compromise
> my machine since March 27th...
> 
> /etc/hosts.deny reads: ALL: ALL

good

> /etc/hosts.allow reads:
> sshd: $WORK_IP1
> sshd: $WORK_IP2

good

but make sure ssh is compiled with tcpwrappers, otherwise those
lines are worthless
	- remove it and restart inet and you should no longer
	be able to ssh into it
 
	(though restarting inetd is not needed after changing its files)

> Will not having the usual all: local break something?

there is zero point to "ssh localhost" so you do NOT need
to host.allow
	# bad idea to have localhost
	sshd: localhost w.x.y.z

allowing "local" will definitely break things ..

	local exploits of ssh or any daemon to become root
	on the box and you using "daemon: all"
		"all : all" being worst for allows

c ya
alvin
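
The two checks discussed in this message, as an added example that is not part of the original thread: a per-source count of failed sshd logins, and a test for whether an sshd binary is linked against libwrap. The function names and the sample log lines are constructed for illustration, and the libwrap test assumes a dynamically linked sshd and an available `ldd`.

```shell
#!/bin/sh
# Added example; log lines are constructed, addresses are documentation ranges.

# Print "count address" for failed sshd logins, most frequent source first.
# Matching on the sshd[pid] tag skips other daemons' "Failed" lines, which a
# plain `grep Failed` would count. The greedy .* in sed anchors on the last
# " from ADDR port N" in the line.
failed_by_source() {
    grep 'sshd\[[0-9]*]: Failed ' "$1" |
        sed -n 's/.* from \([^ ]*\) port [0-9]*.*/\1/p' |
        sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# 0: the binary links libwrap, so it has tcp wrappers support
# 1: no libwrap dependency visible (static build, or no wrappers support)
# 2: binary or ldd not available, nothing can be concluded
sshd_uses_libwrap() {
    [ -x "$1" ] || return 2
    command -v ldd >/dev/null 2>&1 || return 2
    if ldd "$1" 2>/dev/null | grep -q libwrap; then return 0; fi
    return 1
}

# Constructed auth.log excerpt
write_sample_log() {
    cat > "$1" <<'EOF'
Mar 27 03:12:45 host sshd[1201]: Failed password for root from 192.0.2.10 port 4321 ssh2
Mar 27 03:12:48 host sshd[1203]: Failed password for illegal user test from 192.0.2.10 port 4330 ssh2
Mar 27 03:12:51 host sshd[1205]: Failed password for illegal user admin from 192.0.2.10 port 4338 ssh2
Mar 28 11:40:02 host sshd[2290]: Accepted publickey for brad from 198.51.100.7 port 50122 ssh2
Mar 29 22:05:17 host sshd[3011]: Failed password for root from 203.0.113.44 port 39011 ssh2
Mar 29 22:06:00 host login[3050]: Failed login on tty1
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
failed_by_source "$sample"
rm -f "$sample"
```

Upstream OpenSSH removed libwrap support in release 6.7, so on a current system the libwrap check returns 1 unless the distribution patches the support back in.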


