Re: attempt to login as root?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, Jul 26, 2004 at 04:55:58PM +0100, Karl E. Jorgensen wrote:
> On Mon, Jul 26, 2004 at 10:28:33AM +0930, David Purton wrote:
> > I just noticed a stack of failed attempts to ssh into my box as root
> > over the last half an hour or so. I've now blocked the offending ip
> > address, so hopefully they'll go away. Is there anything else I
> > can/should do? Is it worth complaining to the owner of the subnet?
>
> Could be any number of things, including people mistypying IP addresses,
> wannabe script kiddies and you-name-it.
>
> Complaining is unlikely to help, but it probably cannot do much harm
> either. Unless of course the complaint gets relayed to the perpetrator
> and he decides to DDOS you...
Actually in this case it did - I got an email back from the admin, who
said that it was coming from a compromised linux server, and thanked me
for the notification. So there you go.
>
> I guess you could tighten things up by only allowing key-based logins:
> /etc/ssh/sshd.conf:
> PasswordAuthentication no
> UsePAM no
> and make sure that you use privilege separation on ssh (which
> unfortunately will break keyboard-interactive pam modules):
> /etc/ssh/sshd.conf:
> UsePrivilegeSeparation yes
> PAMAuthenticationViaKbdInt no
>
> Before you do this, you want to make sure that ~/.ssh/authorized_keys is
> set up properly :-)
>
Yeah - every so often I think of doing this, but I'm often logging in
from various different places and so is another guy who has an account
on it, so key-based logins are a bit inconvenient. Always the problem
with security :(
cheers
dc
- --
David Purton
dcpurton@chariot.net.au
For the eyes of the LORD range throughout the earth to
strengthen those whose hearts are fully committed to him.
2 Chronicles 16:9a
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQFBBaY0Fv0/BLD26qcRAuDCAKCUT4m7k7a0nPmF+bB50a9wA01A5wCdHXAy
43wGfNJeTS6upDXUHkE6Gy8=
=3XrQ
-----END PGP SIGNATURE-----
Reply to: