Re: SSH attack

To: debian-user@lists.debian.org
Subject: Re: SSH attack
From: Alvin Oga <aoga@mail.Linux-Consulting.com>
Date: Mon, 10 Oct 2005 23:09:01 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.1051010230303.19907A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] 434B54BB.9080803@ix.netcom.com>

On Tue, 11 Oct 2005, Marty wrote:

> Thanks, you just reminded me of two more items for my ssh hardening plan:
> 
> -deny root login
> 
> -turn off sshd access after a specified number of failed login attempts,
> or any attempts outside the specific IP address range.

those should be done BEFORE you go live .. ??

	- no machine i would be baby sitting would be turned on
	if those 2 minimum requirements is not met

	- in the old days, i'd be running the latest/greatest
	ssh ... vs those that come with any distro
	( it seems lot more stable now... not as many exploits )

as far as i'm concerned ... free audits is a good thing on non-critical
machines ... let um play with those .. i get um by the thousands ...
and i'm not gonna want any email just because one bozo decides
to run a generic port scan or dictionary attacks

- that'd generate hundreds of thousands of false alarms

- "too many" attempts will also raise a flag
	( more than the number of your fingers )

- critical machines are watched very carefully :-)

c ya
alvin

Reply to:

Follow-Ups:
- Re: SSH attack
  - From: Marty <martyb@ix.netcom.com>

References:
- Re: SSH attack
  - From: Marty <martyb@ix.netcom.com>

Prev by Date: Re: SSH attack
Next by Date: IMAP and Squirelmail.
Previous by thread: Re: SSH attack
Next by thread: Re: SSH attack
Index(es):
- Date
- Thread