Grokbase
Topics Posts Groups | in
x
[ help ]

Re: Securing SSH

View PostFlat  Thread  Threaded | < Prev - Next >
Timothy Alberts Re: [CentOS] Securing SSH
| +1 vote
[ Profile | Reply to group ] [ Flat  Thread  Threaded ]
John R Pierce wrote:
> Tim Alberts wrote:
>> So I setup ssh on a server so I could do some work from home and I
>> think the second I opened it every sorry monkey from around the world
>> has been trying every account name imaginable to get into the system.
>
> actually, those 'attempts' are coming from virus infected systems
> which randomly probe for SSH servers. they try the same sorry 10 or
> 15 accounts with the same lame 10 or 15 passwords, so its really just
> an annoyance if you're anal about logwatch output.
>

Just a virus you think?  They are some pretty lame account names: judy, 
frank, bob..However they are mixed with general linux accounts:  root, 
ftp, webmaster, mysql, named, etc.  I feel less worried about that (or 
should I)?

Or are you just trying to lull me into a false sense of security?  
Muawhahahaha..

_______________________________________________
CentOS mailing list
[email protected: C...@centos.org]
http://lists.centos.org/mailman/listinfo/centos

Thread : Securing SSH
1)
Timothy Alberts So I setup ssh on a server so I could do some work from home and I think the second I opened it...
2)
Mike Kercher iptables, disallow root login via ssh, no valid shell for users that don't need one, strong...
3)
Timothy Alberts iptables..add the ip of the attack source to reject? They keep moving IP, this is very time...
4)
Ingemar Nilsson This is probably not what he meant. You can use a key pair to authenticate with the SSH server and...
5)
John R Pierce stop thinking 'they', that implies theres someone intentionally targetting you. its just viruses...
6)
Timothy Alberts Oh no..they're out there. They're watching us now. They know we're talking about them. :)
7)
Rudi Ahlers 1. Change the default port 2. use only SSH protocol 2 3. Install some brute force protection which...
8)
James A. Peltier Fail2Ban is a good brute force protector. It works in conjunction with IPTables to block IPs that...
9)
Anne Wilson And I can confirm that it's a doddle to set up. The defaults were fine for me - nothing needed...
10)
Timothy Alberts I could do that, but if they already know about it, a simple port scan and they'll probably find it...
11)
Ray Van Dolson If you're talking about people who are just scanning your machine and then doing brute force on the...
12)
Robert Spangler Is an option but a waste of time as a scanner will find the port it was moved to. Agree Fail2ban...
13)
John R Pierce actually, those 'attempts' are coming from virus infected systems which randomly probe for SSH...
14)
Timothy Alberts Just a virus you think? They are some pretty lame account names: judy, frank, bob..However they are...
15)
Timothy Alberts FYI, here's a list of the losers (so far). I suggest everyone wish horrible things happen to these...
16)
Matt Shields DenyHosts - http://denyhosts.sourceforge.net/ Also, when you set it up, set it to download the...
17)
Theo Band [GreenPeak] You could consider to disallow password access. Use only public key authentication. The "attacks"...
18)
David Mackintosh This is what I do. http://wiki.xdroop.com/space/Linux/Limited+SSH+Access
19)
Timothy Alberts That sounds great for getting around a remote dynamic IP address, but some more...
20)
Rudi Ahlers Why? What is on that site which is very specific to the setup?
21)
John R Pierce he's referring to YOUR controlling webpage, which they refer to as my-sshd-access.php there.
22)
Rudi Ahlers aah ok. But that's something he should either not use if necessary, or rather secure with a...
23)
Scott Silva This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --==============01072332=Content-Type:...
24)
John R Pierce if you post your weblogs online, perhaps via an analysis package such as Analog, DO be sure to...
25)
Scott Silva This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --==============52930982=Content-Type:...
26)
David Mackintosh Strictly speaking, yes; however in practice, the number of bots (or, indeed, external users who are...
27)
Tony Placilla Tony Placilla <bofh@jhu.edu> Sr. UNIX Systems Administrator The Sheridan Libraries Johns Hopkins...
28)
Liam Kirsher Tim, The important ones, imho -- 1. disallow root login 2. disallow password authentication (use...
spacer
View PostFlat  Thread  Threaded | < Prev - Next >
Home > Groups > CentOS > Securing SSH (28 posts) > View Post
Grokbase | Groups | Tags | People | Add a group | FAQ | About

Provide feedback | del.icio.us | Credits | Created by John