Re: Darn skiddies (ssh login attempts)
On Thu, 31 Mar 2005, Brad Sims wrote:
> `less /var/log/auth.log|grep Failed|wc -l` shows 185 attempts to compromise
> my machine since March 27th...
>
> /etc/hosts.deny reads: ALL: ALL
good
> /etc/hosts.allow reads:
> sshd: $WORK_IP1
> sshd: $WORK_IP2
good
but make sure ssh is compiled with tcpwrappers, otherwise those
lines are worthless
- remove it and restart inet and you should no longer
be able to ssh into it
(though restarting inetd is not needed after changing its files)
> Will not having the usual all: local break something?
there is zero point to "ssh localhost" so you do NOT need
to host.allow
# bad idea to have localhost
sshd: localhost w.x.y.z
allowing "local" will definitely break things ..
local exploits of ssh or any daemon to become root
on the box and you using "daemon: all"
"all : all" being worst for allows
c ya
alvin
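
Added example (not part of the original message): a shell version of the two checks suggested above, whether sshd is linked against libwrap and whether hosts.allow opens sshd to localhost, LOCAL or ALL. The function names, the /usr/sbin/sshd path and the sample file contents are assumptions made for illustration; options after a second colon and continuation lines are not parsed.

```shell
#!/bin/sh
# Added example, not from the original thread.

# sshd_has_libwrap BINARY
# Succeeds only if the binary is dynamically linked against libwrap
# (tcp wrappers). Without that, hosts.allow/hosts.deny are never consulted.
sshd_has_libwrap() {
    ldd "$1" 2>/dev/null | grep -q 'libwrap'
}

# broad_sshd_clients [FILE]
# Reads hosts.allow syntax (daemon_list : client_list) from FILE or stdin and
# prints "LINE: TOKEN" for every client token that opens sshd to the local
# host or to everyone. Keywords are compared case-insensitively here.
broad_sshd_clients() {
    awk '
    /^[ \t]*#/ || !/:/ { next }            # skip comments and non-rules
    {
        split($0, f, ":")
        daemons = toupper(f[1])
        # only rules that apply to sshd, directly or through ALL
        if (daemons !~ /(^|[ ,\t])(SSHD|ALL)([ ,\t]|$)/) next
        n = split(f[2], c, /[ ,\t]+/)
        for (i = 1; i <= n; i++) {
            t = toupper(c[i])
            if (t == "ALL" || t == "LOCAL" || t == "LOCALHOST" || t == "127.0.0.1")
                print NR ": " c[i]
        }
    }' "$@"
}

# Constructed sample input (192.0.2.x are documentation addresses).
sample_hosts_allow() {
    cat <<'EOF'
# constructed sample hosts.allow
sshd: 192.0.2.10
sshd: localhost 192.0.2.11
all: local
in.ftpd: ALL
EOF
}

# /usr/sbin/sshd is an assumed install path; adjust for the system at hand.
if sshd_has_libwrap /usr/sbin/sshd; then
    echo "sshd is linked with libwrap"
else
    echo "sshd is NOT linked with libwrap: hosts.allow/hosts.deny have no effect on it"
fi
sample_hosts_allow | broad_sshd_clients
```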