[clue-tech] Protecting against the ssh hack

Jack Parker jack.parker4 at verizon.net
Mon Sep 25 20:22:29 MDT 2006


Thanks for the tips.  The cracker in question is running up and down my
ports with ssh attempts.

j.

-----Original Message-----
From: clue-tech-bounces at cluedenver.org
[mailto:clue-tech-bounces at cluedenver.org]On Behalf Of adam bultman
Sent: Monday, September 25, 2006 10:09 PM
To: CLUE tech
Subject: Re: [clue-tech] Protecting against the ssh hack


Not advertising your domain name and so forth has nothing to do with
being more cracker-proof. If some guy has a bot on his machine that is
instructed to scan 144.144.0.0-144.144.255.255, and you're in there,
you're gonna get scanned.

Restricting root login can be done in 'sshd_config', which should be
somewhere around /etc/ssh/. Change PermitRootLogin or whatever to
'No', and restart sshd.

You can also restrict connections to only people with authorized keys
and disable password authentication.  That's a bit more of a pain -
since if you leave your house and you want in, and your buddy Gilbert
doesn't have your SSH key, you're locked out.

Another way is by moving your SSH server to listen on another port. I
changed my SSH server to listen on another port, and whaddya know, those
pesky scans went away.

All three things will improve security, although the third is more
'security through obscurity'. The third option will stop your scanners,
but it won't stop your dedicated crackers.

Adam

Jack Parker wrote:

>Despite not advertising my domain name, despite hiding behind a dyndns
>router, I see that someone has been attacking my box against the ssh port
>(the only one which is open).
>
>Two things I'd like to do, one is install sshdfilter - I don't see a lot of
>commentary 'out there' on it - any thoughts from here?
>
>The second is restrict root login to the console only, I've done this in the
>telnet world, but don't remember it.  Any pointers?
>
>Regards,
>Jack Parker
>
>_______________________________________________
>clue-tech mailing list
>clue-tech at cluedenver.org
>http://www.cluedenver.org/mailman/listinfo/clue-tech
>
>
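Added example, not part of the original thread: a small Python audit of sshd_config text for the three measures discussed above (root login, password authentication, listening port). It shows a pitfall the thread does not mention: sshd uses the first value it reads for a keyword, so appending "PermitRootLogin no" below an existing "PermitRootLogin yes" changes nothing. The sample config, the function names and the defaults (taken from current OpenSSH) are assumptions; Include files are not followed.

```python
# Added example; the sample config below is constructed for illustration.
# Defaults are an assumption taken from current OpenSSH releases.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

SAMPLE = """\
# constructed sshd_config
PermitRootLogin yes
Port 2222
PasswordAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
"""

def effective_settings(config_text):
    """Global values as sshd resolves them: keywords are case-insensitive,
    the first occurrence of a keyword wins, Port may repeat, and lines
    after the first Match apply only conditionally (skipped here)."""
    first, ports = {}, []
    for raw in config_text.splitlines():
        parts = raw.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "match":
            break
        if key == "port":
            ports.append(int(value))
        else:
            first.setdefault(key, value)
    settings = {k: first.get(k, d) for k, d in DEFAULTS.items()}
    settings["port"] = ports or [22]
    return settings

def audit(config_text):
    """Return findings for the three measures discussed in the thread."""
    s = effective_settings(config_text)
    findings = []
    if s["permitrootlogin"].lower() != "no":
        findings.append("PermitRootLogin is %s, not no" % s["permitrootlogin"])
    if s["passwordauthentication"].lower() != "no":
        findings.append("password authentication is enabled")
    if 22 in s["port"]:
        findings.append("listening on default port 22 (scan noise only)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; restart sshd after editing the file.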
