Re: intrusion via ssh

To: debian-user@lists.debian.org
Subject: Re: intrusion via ssh
From: Alvin Oga <aoga@mail.Linux-Consulting.com>
Date: Thu, 31 Mar 2005 16:37:43 -0800 (PST)
Message-id: <[🔎] Pine.LNX.3.96.1050331163309.9387A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] 1112275918.7624.62.camel@fctmp>

hi ya rak..

On Thu, 31 Mar 2005, Rakotomandimby (R12y) Mihamina wrote:

> On Thu, 2005-03-31 at 12:55 +0200, Frederic Guillet wrote:
> 
> > the pb with such log is that it does not say if the user has succeeded
> > to enter the machine or if the attempt has failed.
> 
> First, try to do it yourself:
> 
> try to log in with a fake user account,
> try to login with an existing user account, but fake passwd
> try with an existing user account and the right passwd

seems simple enough ...  and i don't understand why it's easier
to type an email vs typing  john and fakepwd  and, after
posting to the list, one has the thrilling suspense of what the 
answers will be :-)

the other tests i would do is make sure ssh logins only work
from certain machines ...  that even if you know the right login 
and right passwd, you will not be able to login from any random
outside machine like the cracker's machine

even if they sniff your login and passwd .. they can't use it
unless they happen to break into the one machine that the target
trusted that it'd allow the incoming ssh connections

> Go and See the logs, and then you will see how does it behave in both
> case.

c ya
alvin

Reply to:

References:
- Re: intrusion via ssh
  - From: "Rakotomandimby (R12y) Mihamina" <mihamina@mail.rktmb.org>

Prev by Date: OT, Creating new icons in KDE.
Next by Date: Re: intrusion via ssh
Previous by thread: Unsubscribe
Next by thread: Re: intrusion via ssh
Index(es):
- Date
- Thread