[Asterisk-Users] asterisk@home scary log

Colin Anderson ColinA at landmarkmasterbuilder.com
Thu Feb 10 09:57:12 MST 2005


Thanks, everyone, for the excellent suggestions.

For posterity and for future reference when this thread comes up again,
summarizing the best way(s) to defend against SSH logon attempts:

1. Don't allow root thru SSH or Telnet, force logon as regular user and sudo
2. If you must run SSH or Telnet, run it on a non-obvious port > 1024
3. Change all default passwords in the system. For example, I run
Cyrus-IMAPD on another server and the default credentials in the install of
Cyrus are user "CYRUS" and password "CYRUS" - I get at least 5 password
attempts per day with that same user/pass combination. (yes, I changed it!)
4. Restrict originating IPs for SSH to only accept your local subnet or a
range of trusted IPs
5. Use a key-based auth mechanism rather than passwords. It's my understanding
that the key is never sent, only a hash of the key. The target system
compares the hash against its hash of the key, and if it matches, cool.
6. IPSec (or some other VPN), which is quite problematic cross-platform.


Dave McNett wrote:

>IMO, your best defence is leaving ssh's default setting which disallows
>root logins entirely.  There's no reason for a remote user to ever have
>to log in as root.  Root access should be obtained by a logged-in normal
>user using sudo, or su.

Weird thing is, I never touched the default SSH setting and I log in as root
just fine. FC2. Is this documented??

dean collins wrote:

>Colin, how do I find these logs on the asterisk at home install?

Dunno about asterisk at home; on Fedora/RH, you want to examine the file
/var/log/secure. Also, a telltale sign of trouble is when you log on as you
in SSH, the console will say the last successful logon. If that's not you, or
someone you know, then you are in trouble.
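
As an added example (not part of Colin's post or of anything else in this thread), here is a small Python script that applies the same checks to a few constructed /var/log/secure lines: repeated failures from one address, attempts against default accounts such as cyrus, and any successful root login or password login from outside an assumed trusted subnet. The sample log, the 10.0.0.x "trusted" range and the threshold of 3 are all placeholders chosen for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of /var/log/secure lines (OpenSSH on Fedora/RH); not real data.
SAMPLE_LOG = """\
Feb 10 03:12:01 pbx sshd[2183]: Failed password for root from 192.0.2.44 port 51102 ssh2
Feb 10 03:12:05 pbx sshd[2185]: Failed password for illegal user cyrus from 192.0.2.44 port 51110 ssh2
Feb 10 03:12:09 pbx sshd[2187]: Failed password for illegal user admin from 192.0.2.44 port 51115 ssh2
Feb 10 03:12:14 pbx sshd[2189]: Failed password for root from 192.0.2.44 port 51120 ssh2
Feb 10 09:41:22 pbx sshd[2310]: Accepted publickey for colin from 10.0.0.5 port 40322 ssh2
Feb 10 09:55:03 pbx sshd[2350]: Accepted password for root from 198.51.100.7 port 3344 ssh2
"""

# Matches "Failed password for root from ..." as well as
# "Failed password for illegal user cyrus from ..." (newer sshd says "invalid user").
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:(?:illegal|invalid) user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

TRUSTED_NETS = ("10.0.0.",)   # assumed local subnet (placeholder); adjust for your site

def parse_secure_log(text):
    """Yield (result, method, user, ip) for each sshd auth line in the log text."""
    for line in text.splitlines():
        m = SSHD_RE.search(line)
        if m:
            yield m.group("result"), m.group("method"), m.group("user"), m.group("ip")

def summarize(text, threshold=3):
    """Count failures per source IP and flag the events the post warns about."""
    failures = Counter()
    failed_users = defaultdict(set)
    alerts = []
    for result, method, user, ip in parse_secure_log(text):
        if result == "Failed":
            failures[ip] += 1
            failed_users[ip].add(user)
        elif user == "root":
            alerts.append(f"root logged in via {method} from {ip}")
        elif method == "password" and not ip.startswith(TRUSTED_NETS):
            alerts.append(f"password login for {user} from untrusted {ip}")
    for ip, n in failures.items():
        if n >= threshold:
            users = ",".join(sorted(failed_users[ip]))
            alerts.append(f"{n} failed logins from {ip} (users tried: {users})")
    return failures, alerts

if __name__ == "__main__":
    counts, alerts = summarize(SAMPLE_LOG)
    for a in alerts:
        print("ALERT:", a)
```

Run it against your own file with `summarize(open("/var/log/secure").read())`; the successful-login alerts are the scripted version of checking the "last login" banner the post mentions.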
