[Asterisk-Users] asterisk@home scary log

Steven Critchfield critch at basesys.com
Thu Feb 10 09:54:08 MST 2005


On Thu, 2005-02-10 at 09:08 -0700, Colin Anderson wrote:
> >The hack came in through ssh.
> 
> IMO, your best defence is an extremely strong root password; I am often
> mortified by looking at my logs and seeing all of the login attempts through
> SSH. 
> 
> OT: I am not up on Linux script-kiddie type tools, but I assume that there
> is a script of some sort that automates SSH probes. Can anyone suggest a
> good counter i.e. honeypot or throttling logon attempts? Yes, I know I can
> google it, but I'd rather hear the opinion of real Linux experts rather than
> the "experts" at About.com.

First, turn off root access from ssh. That is the first problem. Root
should never be allowed to log in except on console.

Second, become familiar with su or sudo. 

Once you learn to log in as your user and use su to become root, you
learn that you have about three times as long of a root password. The
first portion being a valid username, the second portion being a
password for that username, and the third portion is either a root
password or a valid local root exploit code.

Recently the topic of brute force ssh attacks came up on our Linux users
group mailing list. The best option we had suggested was to do the
above, then move ssh to a non-standard port. Most scripts that are going
to attack you are not going to consider the possibility that you are on
a non-standard port. Either you answer where they expect or they move
on.
-- 
Steven Critchfield <critch at basesys.com>
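
An added example, not part of the original post: a small auditor that checks sshd_config text against the two settings recommended above (no root login over ssh, daemon off port 22). It goes slightly beyond the post by honouring sshd's first-value-wins rule and by flagging Match blocks that re-enable root. Assumptions: the OpenSSH keywords `PermitRootLogin` and `Port` (not named in the post), `Include` files are not followed, and the function names and sample configs are made up for illustration.

```python
# Added example; the sample configs below are constructed for illustration.
WEAK = "#Port 22\nPermitRootLogin yes\nPermitRootLogin no\n"
OVERRIDE = ("Port 2222\nPermitRootLogin no\n"
            "Match Address 192.0.2.0/24\n    PermitRootLogin yes\n")

def parse(text):
    """Collect global PermitRootLogin/Port values and Match-block overrides."""
    root_global, ports, root_in_match = None, [], []
    in_match = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        fields = line.replace("=", " ", 1).split()
        if len(fields) < 2:
            continue
        key, value = fields[0].lower(), fields[1].strip('"')
        if key == "match":
            in_match = True                # everything after this is conditional
        elif key == "permitrootlogin":
            if in_match:
                root_in_match.append(value.lower())
            elif root_global is None:      # sshd keeps the first value it reads
                root_global = value.lower()
        elif key == "port" and not in_match:
            ports.append(int(value))       # Port may be given more than once
    return root_global, ports, root_in_match

def audit(text):
    """Return {check: message} for each setting that departs from the advice."""
    root_global, ports, root_in_match = parse(text)
    findings = {}
    if root_global is None:
        findings["root-login"] = "PermitRootLogin not set; default depends on the OpenSSH version"
    elif root_global != "no":
        findings["root-login"] = f"PermitRootLogin {root_global} lets root authenticate over ssh"
    if any(v != "no" for v in root_in_match):
        findings["root-login-match"] = "a Match block re-enables root login for some connections"
    if not ports or 22 in ports:
        findings["port"] = "sshd listens on the standard port 22"
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("OVERRIDE", OVERRIDE)):
        print(name, audit(cfg))
```

To check a live host, pass the contents of its sshd_config file to `audit()`; an empty result means both recommendations are in place.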



