[clue-tech] Protecting against the ssh hack

adam bultman adamb at glaven.org
Mon Sep 25 20:09:25 MDT 2006


Not advertising your domain name and so forth has nothing to do with 
being more cracker-proof. If some guy has a bot on his machine that is 
instructed to scan 144.144.0.0-144.144.255.255, and you're in there, 
you're gonna get scanned.

Restricting root login can be done in 'sshd_config', which should be 
somewhere around /etc/ssh/.  Change PermitRootLogin or whatever to 
'No', and restart sshd.

You can also restrict connections to only people with authorized keys 
and disable password authentication.  That's a bit more of a pain - 
since if you leave your house and you want in, and your buddy Gilbert 
doesn't have your SSH key, you're locked out.

Another way is by moving your SSH server to listen on another port. I 
changed my SSH server to listen on another port, and whaddya know, those 
pesky scans went away.

All three things will improve security although the third is more 
'security through obscurity'. The third option will stop your scanners, 
but it won't stop your dedicated crackers.

Adam

Jack Parker wrote:

>Despite not advertising my domain name, despite hiding behind a dyndns
>router, I see that someone has been attacking my box against the ssh port
>(the only one which is open).
>
>Two things I'd like to do, one is install sshdfilter - I don't see a lot of
>commentary 'out there' on it - any thoughts from here?
>
>The second is restrict root login to the console only, I've done this in the
>telnet world, but don't remember it.  Any pointers?
>
>Regards,
>Jack Parker
>
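
Added example, not part of either message in this thread: a small Python check of an sshd_config against the three measures discussed above (root login, password authentication, listening port). It follows sshd's rule that the first value read for a keyword is the one used; the function names, finding ids and both sample configs are constructed for illustration, and Match blocks and Include files are not evaluated.

```python
import re

# Values sshd uses when a keyword is absent (current OpenSSH defaults, an
# assumption of this example; releases before 7.0 defaulted root login to "yes").
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

def parse_global(text):
    """Return (settings, ports) for the global section of an sshd_config."""
    settings, ports = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].split()[0].strip('"') if len(parts) > 1 and parts[1] else ""
        if key == "match":
            break  # conditional Match blocks are not evaluated here
        if key == "port":
            ports.append(int(value))  # Port may be given several times
        elif key not in settings:
            settings[key] = value  # sshd keeps the first value it reads
    return settings, ports or [22]

def audit(text):
    """Return (id, advice) findings for the three measures in the post."""
    settings, ports = parse_global(text)
    value = lambda k: settings.get(k, DEFAULTS[k]).lower()
    findings = []
    if value("permitrootlogin") != "no":
        findings.append(("root-login", "set PermitRootLogin no"))
    if value("passwordauthentication") != "no":
        findings.append(("password-auth", "set PasswordAuthentication no once keys work"))
    if 22 in ports:
        findings.append(("default-port", "port 22 draws scanner noise; moving it is obscurity only"))
    return findings

# Constructed samples. In WEAK the trailing "PermitRootLogin no" has no effect
# because an earlier line already set the keyword.
WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# appended later by an admin
PermitRootLogin no
"""
HARDENED = "Port 2222\nPermitRootLogin no\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg))
```

On a live host, `sshd -T` prints the effective configuration after defaults are applied, which is the authoritative thing to check after restarting sshd.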



