Re: ssh: Repeated intrusion attempts
> - sniff any/all of the emails and follow that email into the server
> and try to guess their passwords
I'm particularly concerned that spammers can find out valid email accounts
on our system. From what you say it looks as if that's unavoidable unless I
take elaborate precautions.
Currently there's only one user who's a member of the "ssh_user" group.
Only members of this group are allowed to log in because of "AllowGroups
ssh_user" in /etc/ssh/sshd_config. I think I'll create new login names for
members of this group and will put a REJECT in my /etc/mail/aliases. That
will make it difficult to guess the name as they won't receive any emails.
> - never use the same email addy ( john ) as any of your loginID
> ( john ) .. one of them should be "jsmith" or some other non-guessable
> loginid ... and alias email@example.com in your /etc/alias files back to
> j1z3k5 so that j1z3k5 can read/delete/reply their emails addressed to
Sounds a bit complicated. I know what you're getting at.
>> I am running Woody, with up-to-date patches, behind a cheap hardware
>> firewall-router. Open ports are 22 (sshd), 25 (sendmail), 80 (apache),
>> (apache-ssl), 993 (courier-imap over ssl) and 995 (courier-pop over ssl).
> pretty good :-) .. except do not depend on the firewall .. assume it's
> cracked and protect everything else ...
> ( full and incremental and encrypted backups .. dating back months.. )
Done that. Using Mondo. I keep a CD-ROM backup at home away from the
office. Brilliant utility, except that it took about a week to find a
version that worked properly. Default one doesn't.
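
An added example, not part of the original message: a check of which accounts admitted by "AllowGroups ssh_user" also accept mail under the same name, and so can be learned from an email address. The sample file contents, the function names and the `rejected` parameter (names the MTA is set up to refuse, by whatever mechanism) are assumptions, as is the rule that every local account accepts mail unless refused.

```python
# Constructed sample inputs (not taken from the thread).
SSHD_CONFIG = "PermitRootLogin no\nAllowGroups ssh_user\n"
GROUP = "ssh_user:x:1001:john\nusers:x:100:john,mary\n"
PASSWD = ("j1z3k5:x:1001:1001::/home/j1z3k5:/bin/sh\n"
          "john:x:1002:100::/home/john:/bin/sh\n"
          "mary:x:1003:100::/home/mary:/bin/sh\n")
ALIASES = "# constructed sample\njsmith: j1z3k5\npostmaster: root\n"


def allowed_groups(sshd_config):
    """Group names on AllowGroups lines (taken as literal names, not patterns)."""
    groups = set()
    for line in sshd_config.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0].lower() == "allowgroups":
            groups.update(words[1:])
    return groups


def ssh_logins(sshd_config, group, passwd):
    """Accounts in an allowed group, as listed member or via primary gid."""
    allowed = allowed_groups(sshd_config)
    logins, gids = set(), set()
    for line in filter(None, group.splitlines()):
        name, _, gid, members = line.split(":")
        if name in allowed:
            gids.add(gid)
            logins.update(m for m in members.split(",") if m)
    for line in filter(None, passwd.splitlines()):
        fields = line.split(":")
        if fields[3] in gids:
            logins.add(fields[0])
    return logins


def guessable_logins(sshd_config, group, passwd, aliases, rejected=()):
    """SSH-permitted logins that also receive mail under the same name."""
    # Assumption: every local account accepts mail unless listed in `rejected`.
    mail_names = {l.split(":")[0] for l in passwd.splitlines() if l} - set(rejected)
    for line in aliases.splitlines():
        line = line.split("#", 1)[0]
        if ":" in line:
            mail_names.add(line.split(":", 1)[0].strip())  # alias name
    return sorted(ssh_logins(sshd_config, group, passwd) & mail_names)


if __name__ == "__main__":
    print(guessable_logins(SSHD_CONFIG, GROUP, PASSWD, ALIASES))
    print(guessable_logins(SSHD_CONFIG, GROUP, PASSWD, ALIASES, rejected={"j1z3k5"}))
```

An empty result means no SSH-permitted login name is also a working mail address on the host.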