[Asterisk-Users] asterisk@home scary log
Daniel Wright
dw at wonderwave.net
Thu Feb 10 09:42:04 MST 2005
You can always set up ssh to use host keys. Here are two howto's on what
else? How to set them up.
http://www.securityfocus.com/infocus/1806 Part 1
http://www.securityfocus.com/infocus/1810 Part 2
Dan.
Steven Critchfield wrote:
>On Thu, 2005-02-10 at 09:08 -0700, Colin Anderson wrote:
>
>
>>>The hack came in through ssh.
>>>
>>>
>>IMO, your best defence is an extremely strong root password; I am often
>>mortified by looking at my logs and seeing all of the login attempts through
>>SSH.
>>
>>OT: I am not up on Linux script-kiddie type tools, but I assume that there
>>is a script of some sort that automates SSH probes. Can anyone suggest a
>>good counter i.e. honeypot or throttling logon attempts. Yes, I know I can
>>google it, but I'd rather hear the opinion of real Linux experts rather than
>>the "experts" at About.com.
>>
>>
>
>First, turn off root access from ssh. That is the first problem. Root
>should never be allowed to login except on console.
>
>Second, become familiar with su or sudo.
>
>Once you learn to login as your user and use su to become root, you
>learn that you have about three times as long of a root password. The
>first portion being a valid username, the second portion being a
>password for that username, and the third portion is either a root
>password or a valid local root exploit code.
>
>Recently the topic of brute force ssh attacks came up on our linux users
>group mailing list. The best option we had suggested was to do the
>above, then move ssh to a non standard port. Most scripts that are going
>to attack you are not going to consider the possibility that you are on
>a non standard port. Either you answer where they expect or they move
>on.
>
>
More information about the asterisk-users
mailing list