Re: SSH attack
On Tue, 11 Oct 2005, Marty wrote:
> Thanks, you just reminded me of two more items for my ssh hardening plan:
> -deny root login
> -turn off sshd access after a specified number of failed login attempts,
> or any attempts outside the specific IP address range.
those should be done BEFORE you go live .. ??
- no machine i would be baby sitting would be turned on
if those 2 minimum requirements is not met
- in the old days, i'd be running the latest/greatest
ssh ... vs those that come with any distro
( it seems lot more stable now... not as many exploits )
as far as i'm concerned ... free audits is a good thing on non-critical
machines ... let um play with those .. i get um by the thousands ...
and i'm not gonna want any email just because one bozo decides
to run a generic port scan or dictionary attacks
- that'd generate hundreds of thousands of false alarms
- "too many" attempts will also raise a flag
( more than the number of your fingers )
- critical machines are watched very carefully :-)