Re: authentication failure

To: debian-user@lists.debian.org
Subject: Re: authentication failure
From: Tarek Soliman <tarek-spam@zeusmail.bounceme.net>
Date: Tue, 13 Mar 2007 09:44:29 -0500
Message-id: <[🔎] 20070313144429.GB20578@zeus.olympus>
In-reply-to: <[🔎] 20070313100524.21f4af4b@think.homenet>
References: <[🔎] BAY23-F9729EDFC4DA4A3652827CB47D0@phx.gbl> <[🔎] 45F59F5C.7010001@acu.edu> <[🔎] 20070312190645.GA14553@zeus.olympus> <[🔎] 20070313100524.21f4af4b@think.homenet>

On Tue, Mar 13, 2007 at 10:05:24AM +0200, Andrei Popescu wrote:
> Tarek Soliman <tarek-spam@zeusmail.bounceme.net> wrote:
> 
> > Do not log in as root via ssh or even allow it.
> > There are reasons why the default in Debian is PermitRootLogin no
> 
> The default is "yes".
> See /usr/share/doc/openssh-server/Readme.DEBIAN.gz for the maintainers
> oppinion.
> 

Wow. Everything I thought I knew about security has been shattered.

It seems there are regular attempts to log in as root through ssh
though.

Having a strong password helps.
Having port-knocking or ip-banning based on so many failed attempts
helps.
Changing the port helps. (least satisfying way I think)

I think the best way is to have key-only authentication on just the list
of AllowUsers.

Feel free to correct me if I'm wrong (again)

-- 
Tarek

Reply to:

Follow-Ups:
- Re: authentication failure
  - From: Andrei Popescu <andreimpopescu@gmail.com>

References:
- Re: authentication failure
  - From: "semgogo sem" <semgogo@hotmail.com>
- Re: authentication failure
  - From: Kent West <westk@acu.edu>
- Re: authentication failure
  - From: Tarek Soliman <tarek-spam@zeusmail.bounceme.net>
- Re: authentication failure
  - From: Andrei Popescu <andreimpopescu@gmail.com>

Prev by Date: Re: Best File System for partitions over 600GB
Next by Date: services don't communicate after connection
Previous by thread: Re: authentication failure
Next by thread: Re: authentication failure
Index(es):
- Date
- Thread