[wplug] Any tips against this kind of ssh break-in?

Brandon Kuczenski brandon at 301south.net
Fri Jul 15 18:31:09 EDT 2005


On Fri, 15 Jul 2005, Russ Schneider wrote:

> On Fri, 15 Jul 2005, Brian A. Seklecki wrote:
>
>> GOOD GOD!! What distro* still ships with PermitRootLogin set to "yes" by
>> default ?!  Are you sure that's the case, or perhaps it was commented in
>> the sshd_config (prefixed with "#"), but the comment in the config
>> doesn't reflect the default source code setting (servconf.h)?
>
> Well it was commented out as "yes".  Either way, I uncommented it and set
> it to "no" to be safe.
>
>
>> Also, as everyone else is saying, regardless of your IP networking
>> environment, you should have some sort of host-based firewall only
>> allowing SSH from trusted hosts.
>
> I hardly know where I'll be when I want to login to the box.  Sometimes
> I'm at a client's site and I need to login, so a trusted hosts list
> doesn't really help me much.
>

Also, most of these attacks are probably coming from dynamic IPs.

For the record, my logs average about a hundred root-password attempts a 
night on my box.  It doesn't bother me much.

-Brandon
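
Added example, not part of the original messages: the thread turns on a commented-out `#PermitRootLogin yes` line, which sets nothing and leaves sshd on its compiled-in default. This shell function reports what a config file actually sets; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# effective_setting FILE KEYWORD
# Prints the first uncommented global value for KEYWORD (sshd keeps the first
# value it obtains), or "unset" when the file leaves the compiled-in default
# in force. Assumption: whitespace-separated "Keyword value" lines only;
# Match blocks and Include files are not evaluated.
effective_setting() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); found = 0 }
        { sub(/^[ \t]+/, "") }              # strip leading whitespace
        /^#/ || /^$/ { next }               # comments and blank lines set nothing
        tolower($1) == "match" { exit }     # global scope ends at the first Match block
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample mirroring the thread: the "yes" line is only a comment,
# then an explicit "PermitRootLogin no" is added.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '#Port 22' '#PermitRootLogin yes' 'PasswordAuthentication yes' > "$tmp"
    before=$(effective_setting "$tmp" PermitRootLogin)
    printf '%s\n' 'PermitRootLogin no' >> "$tmp"
    after=$(effective_setting "$tmp" PermitRootLogin)
    rm -f "$tmp"
    echo "$before $after"
}

demo
```

On a live host with a current OpenSSH release, `sshd -T` run as root prints the effective configuration, compiled-in defaults included.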

