[Asterisk-Users] asterisk@home scary log
Tzafrir Cohen
tzafrir at cohens.org.il
Thu Feb 10 09:56:28 MST 2005
On Thu, Feb 10, 2005 at 10:12:11AM -0600, denon wrote:
> At 10:08 AM 2/10/2005, you wrote:
> >>The hack came in through ssh.
> >
> >IMO, your best defence is an extremely strong root password; I am often
> >mortified by looking at my logs and seeing all of the login attempts
> >through
Assuming that a resonably smart attacker has no way of getting a valid
username from, e.g, your email. I'm not sure how well can this be
automated for script-kiddies, though
>
> Why would you even want SSH exposed to the world?
Expose ssh to the world for remote administration. It is a great tool
for that. A non-standard port is also often useful.
> In fact, why expose it to
> anything but your local admin console, or *maybe* a vpn tunnel server if
> absolutely necessary?
and why is a vpn tunnel better than ssh? both leave you basically a
password away from the server. ssh *is* a vpn tunnel. Unlike others it
is well-understood and easy to configure so chances are you won't make
mistakes configuring it.
> >SSH.
> >
> >OT: I am not up on Linux script-kiddie type tools, but I assume that there
> >is a script of some sort that automates SSH probes. Can anyone suggest a
> >good counter i.e. honeypot or throttling logon attempts. Yes, I know I can
> >google it, but I'd rather hear the opinion of real Linux experts rather
> >than
> >the "experts" at About.com.
If you don't mind locking yourself out, use pam_tally.so in
/etc/pam.d/ssh .
It is documented in the docs of the pam package (e.g: pam.txt)
--
Tzafrir Cohen | New signature for new address and | VIM is
http://tzafrir.org.il | new homepage | a Mutt's
tzafrir at cohens.org.il | | best
ICQ# 16849755 | Space reserved for other protocols | friend
More information about the asterisk-users
mailing list