On Thu, Feb 10, 2005 at 10:12:11AM -0600, denon wrote: > At 10:08 AM 2/10/2005, you wrote: > >>The hack came in through ssh. > > > >IMO, your best defence is an extremely strong root password; I am often > >mortified by looking at my logs and seeing all of the login attempts > >through
Assuming that a resonably smart attacker has no way of getting a valid username from, e.g, your email. I'm not sure how well can this be automated for script-kiddies, though > > Why would you even want SSH exposed to the world? Expose ssh to the world for remote administration. It is a great tool for that. A non-standard port is also often useful. > In fact, why expose it to > anything but your local admin console, or *maybe* a vpn tunnel server if > absolutely necessary? and why is a vpn tunnel better than ssh? both leave you basically a password away from the server. ssh *is* a vpn tunnel. Unlike others it is well-understood and easy to configure so chances are you won't make mistakes configuring it. > >SSH. > > > >OT: I am not up on Linux script-kiddie type tools, but I assume that there > >is a script of some sort that automates SSH probes. Can anyone suggest a > >good counter i.e. honeypot or throttling logon attempts. Yes, I know I can > >google it, but I'd rather hear the opinion of real Linux experts rather > >than > >the "experts" at About.com. If you don't mind locking yourself out, use pam_tally.so in /etc/pam.d/ssh . It is documented in the docs of the pam package (e.g: pam.txt) -- Tzafrir Cohen | New signature for new address and | VIM is http://tzafrir.org.il | new homepage | a Mutt's [EMAIL PROTECTED] | | best ICQ# 16849755 | Space reserved for other protocols | friend _______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
