
Re: SSH attack



Dick Davies wrote:
> On 11/10/05, Marty <martyb@ix.netcom.com> wrote:
>
>> If your machines are all exposed to the internet or to an insecure
>> LAN, then I don't see how you can safely use ssh at all.  I would
>> never attempt such a thing, so you are much braver than I.
>>
>> What I would do instead is limit ssh logins to a single heavily
>> scrutinized, stripped and locked down, dedicated (internet) ssh server,
>> which would be manually activated (maybe remotely) for each ssh
>> use, and turned off at all other times.
>
> 'maybe remotely' - aren't you just pushing back the problem?

Yes, it replaces one security headache with another, but having
remote out-of-band access may be useful for other reasons, and
therefore worth the risk.

I first got the idea from ISPs which allow remote control of customer
servers for reboots or maintenance.

For example, I might use a modem on a system with no LAN connection,
controlling an X-10 network.  Then hopefully the worst damage an
intruder could do is reboot or power off the servers.


