Re: Find out host of IP
Roberto C. Sánchez wrote:
> On Sun, Jun 10, 2007 at 08:20:05PM -0400, Kamaraju S Kusumanchi wrote:
>> David Baron wrote:
>>
>> > Someone is trying to ssh on to my system. Trying on several ports. Not
>> > the first time, either. Thankfully, he does not have a password.
>> > Besides a bunch of Deprecated option ReverseMappingCheck, so far no
>> > harm done.
>> >
>> > Since my logs have this IP number, how do I find out who it is?
>>
>> Not exactly answering your question. But I do see a lot of IPs performing
>> dictionary attacks on my machine. What I do is go through
>> /var/log/auth.log periodically and add the offending IPs to
>> /etc/hosts.deny . That way, in future, the offending IPs cannot perform
>> any dictionary attacks. I currently have around 85 IPs in this list
>> (starting Apr 10, 2007) :-)
>>
>> You should also disable remote root logins to make the machine more
>> secure.
>>
> The best thing you can do is to disable password logins altogether.
> Using public keys is much more secure and makes it *impossible* for a
> dictionary attack to succeed.
>
Somehow, I am not comfortable with this. I have read in many places that key
authentication is the most secure method and I agree with them. However it
is not very convenient. Consider this situation.
Say, I ssh into machineA from machineB. However machineB is not always known
apriori. I can go to my friend's machine and want to ssh into machineA. In
that case, how do I obtain get the key? Carrying the key with a USB stick
is one option. But again that is also inconvenient for me. I guess
convenience and security are opposite ends of the spectrum.
raju
--
Kamaraju S Kusumanchi
http://www.people.cornell.edu/pages/kk288/
http://malayamaarutham.blogspot.com/
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: