Re: intrusion via ssh
hi ya rak..
On Thu, 31 Mar 2005, Rakotomandimby (R12y) Mihamina wrote:
> On Thu, 2005-03-31 at 12:55 +0200, Frederic Guillet wrote:
>
> > the pb with such log is that it does not say if the user has succeeded
> > to enter the machine or if the attempt has failed.
>
> First, try to do it yourself:
>
> try to log in with a fake user account,
> try to login with an existing user account, but fake passwd
> try with an existing user account and the right passwd
seems simple enough ... and i don't understand why it's easier
to type an email vs typing john and fakepwd and, after
posting to the list, one has the thrilling suspense of what the
answers will be :-)
the other tests i would do is make sure ssh logins only work
from certain machines ... that even if you know the right login
and right passwd, you will not be able to login from any random
outside machine like the cracker's machine
even if they sniff your login and passwd .. they can't use it
unless they happen to break into the one machine that the target
trusted that it'd allow the incoming ssh connections
> Go and See the logs, and then you will see how does it behave in both
> case.
c ya
alvin
Reply to: