
Re: Securing SSH: Does disabling password authentication work?



On Tue, Oct 04, 2005 at 05:51:00PM -0500, Steve Block wrote:
> Thanks for the extra info, Noah. I use the password library from the
> openwall project to enforce strong passwords/passphrases on the system,
> make sure daemons can't log in, etc. I'm not going to worry about these
> automated scans too much, and I'll just keep auto-blocking anyone hammering
> the SSH server.

FWIW, my site has several hundred Debian workstations, most of which run
sshd.  The only times I've ever seen these worms get in are when people
create "temporary" accounts or something like that.  We had a user who
didn't know how to set up postgres authentication, so he gave the
postgres user a password of "password" so he could su to it easily.  Our
user accounts have been OK.

I set up a user-mode-linux machine at one point and deliberately gave it
a stupidly easy password.  The worm got in and phoned home, and after a
few minutes a real person logged in.  He tried a couple of rootkits,
which didn't work, and then just set up an IRC bot running as the
non-privileged user whose account he was using.  In general, there's
really not much interesting about these worms or the kiddies running
them...

noah
