[Asterisk-Users] asterisk@home scary log

Steven Critchfield critch at basesys.com
Thu Feb 10 10:15:14 MST 2005


On Thu, 2005-02-10 at 10:12 -0600, denon wrote:
> Why would you even want SSH exposed to the world? In fact, why expose it to 
> anything but your local admin console, or *maybe* a vpn tunnel server if 
> absolutely necessary?

What strange world do you live in where you think ssh can be limited to
just the console? Do you speak RSA directly to your console, how about
3DES? SSH must be attached to a network where a client app sits between
you and the encrypted link. 

Of course if you change ssh to be root in your above statement, it makes
a tad more sense. But then again, since ssh would be oblivious to
whether or not the link traversed a vpn tunnel, that doesn't make sense
either. And I doubt anyone with the compute power and interest to
decipher a ssh encypted link would bat an eyelash at having to go
through the vpn link to get to the ssh. Of course at that point you have
larger problems.

> At 10:08 AM 2/10/2005, you wrote:
> > >The hack came in through ssh.
> >
> >IMO, your best defence is an extremely strong root password; I am often
> >mortified by looking at my logs and seeing all of the login attempts through
> >SSH.
> >
> >OT: I am not up on Linux script-kiddie type tools, but I assume that there
> >is a script of some sort that automates SSH probes. Can anyone suggest a
> >good counter i.e. honeypot or throttling logon attempts. Yes, I know I can
> >google it, but I'd rather hear the opinion of real Linux experts rather than
> >the "experts" at About.com.

-- 
Steven Critchfield <critch at basesys.com>




More information about the asterisk-users mailing list