[wplug] Any tips against this kind of ssh break-in?
Brian A. Seklecki
lavalamp at spiritual-machines.org
Fri Jul 15 15:28:14 EDT 2005
> I did notice that in sshd_config, root was allowed to login. I just
> turned that off.
GOOD GOD!! What distro* still ships with PermitRootLogin set to "yes" by
default ?! Are you sure that's the case, or perhaps it was commented in
the sshd_config (prefixed with "#"), but the comment in the config
doesn't reflect the default source code setting (servconf.h)?
I mean, even the OpenSSH CVS Repository (for portable SSH) has
ssh_config with PermitRootLogin true, but no one actually ships SSH with
that. Now there is the possibility that sshd_config and servconf.h can
get out of sync.
If root *must* log in, preferably this would be set to:
forced-commands-only.
Also, as everyone else is saying, regardless of your IP networking
environment, you should have some sort of host-based firewall only
allowing SSH from trusted hosts.
If they can get a TCP socket open, eventually they'll find a way in.
Firewall everyone and everything...
~BAS1
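
[Added example, not part of the original post.] The distinction raised above, between a PermitRootLogin line that is only commented out and one that is actually set, can be checked with a small script. The function name `explicit_permit_root_login` and the sample file are constructed for illustration; the script reads only the global section of one file and does not follow Include directives. When it reports "unset", the compiled-in default of the installed sshd applies, which `sshd -T` prints on the host itself.

```shell
#!/bin/sh
# Report what an sshd_config file explicitly sets for PermitRootLogin.
# Prints the value in lower case, or "unset" when the keyword is absent
# or appears only in a commented-out line.
# Hypothetical helper written for this example.

explicit_permit_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }               # strip leading whitespace
        /^#/ || /^$/ { next }                # comments and blank lines set nothing
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)  # accept the Keyword=value form
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])              # keywords are case-insensitive
            if (key == "match") exit         # global section ends at the first Match
            if (key == "permitrootlogin" && n >= 2) {
                print tolower(f[2])          # first occurrence wins in sshd
                found = 1
                exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample: the directive exists only as a comment and inside a
# Match block, so the global section of the file sets nothing.
sample=$(mktemp)
printf '%s\n' \
    '#PermitRootLogin yes' \
    'Port 22' \
    'Match User backup' \
    '    PermitRootLogin forced-commands-only' > "$sample"
explicit_permit_root_login "$sample"   # unset
rm -f "$sample"
```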