
Re: attempt to login as root?




On Mon, Jul 26, 2004 at 04:55:58PM +0100, Karl E. Jorgensen wrote:
> On Mon, Jul 26, 2004 at 10:28:33AM +0930, David Purton wrote:
> > I just noticed a stack of failed attempts to ssh into my box as root
> > over the last half an hour or so. I've now blocked the offending ip
> > address, so hopefully they'll go away. Is there anything else I
> > can/should do? Is it worth complaining to the owner of the subnet?
> 
> Could be any number of things, including people mistyping IP addresses,
> wannabe script kiddies and you-name-it.
> 
> Complaining is unlikely to help, but it probably cannot do much harm
> either. Unless of course the complaint gets relayed to the perpetrator
> and he decides to DDOS you...

Actually in this case it did - I got an email back from the admin, who
said that it was coming from a compromised linux server, and thanked me
for the notification. So there you go.

> 
> I guess you could tighten things up by only allowing key-based logins:
>     /etc/ssh/sshd.conf:
>         PasswordAuthentication no
>         UsePAM no
> and make sure that you use privilege separation on ssh (which
> unfortunately will break keyboard-interactive pam modules):
>     /etc/ssh/sshd.conf:
>         UsePrivilegeSeparation yes
>         PAMAuthenticationViaKbdInt no
> 
> Before you do this, you want to make sure that ~/.ssh/authorized_keys is
> set up properly :-)
> 

Yeah - every so often I think of doing this, but I'm often logging in
from various different places and so is another guy who has an account
on it, so key-based logins are a bit inconvenient. Always the problem
with security :(

cheers

dc

-- 
David Purton
dcpurton@chariot.net.au
 
For the eyes of the LORD range throughout the earth to
strengthen those whose hearts are fully committed to him.
                                 2 Chronicles 16:9a
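The thread describes a burst of failed ssh logins as root from one address over about half an hour. As an added example (not part of the original messages), the following shows one way to pick such sources out of sshd log lines; the log lines are constructed, the usual OpenSSH syslog wording is assumed, and the function names, threshold, window and default year are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH syslog format (not from the post).
SAMPLE_LOG = """\
Jul 26 10:01:02 box sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jul 26 10:01:05 box sshd[2103]: Failed password for root from 203.0.113.5 port 40115 ssh2
Jul 26 10:01:09 box sshd[2105]: Failed password for root from 203.0.113.5 port 40120 ssh2
Jul 26 10:03:40 box sshd[2110]: Failed password for invalid user test from 203.0.113.5 port 40133 ssh2
Jul 26 10:07:11 box sshd[2120]: Accepted password for dc from 198.51.100.7 port 51000 ssh2
Jul 26 10:20:00 box sshd[2130]: Failed password for root from 198.51.100.9 port 33001 ssh2
Jul 26 11:45:00 box sshd[2190]: Failed password for root from 203.0.113.5 port 40999 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def failed_logins(log_text, user="root", year=2004):
    """Return {ip: [datetime, ...]} of failed password attempts for `user`."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m and m.group("user") == user:
            # syslog timestamps carry no year, so the caller supplies one (assumed)
            ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
            hits[m.group("ip")].append(ts)
    return dict(hits)

def noisy_sources(log_text, threshold=3, window=timedelta(minutes=30), user="root"):
    """IPs with at least `threshold` failures for `user` inside any `window`."""
    flagged = []
    for ip, times in failed_logins(log_text, user).items():
        times.sort()
        # slide over the sorted attempts: first and last of each run of `threshold`
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.append(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    for ip in noisy_sources(SAMPLE_LOG):
        print(ip)
```

A single stray failure, such as someone mistyping an IP address, stays below the threshold; only the repeated source is reported.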
