Thanks, everyone, for the excellent suggestions. For posterity and for future reference when this thread comes up again, summarizing the best way(s) to defend against SSH logon attempts:
1. Don't allow root thru SSH or Telnet; force logon as a regular user and sudo.
2. If you must run SSH or Telnet, run it on a non-obvious port > 1024.
3. Change all default passwords in the system. For example, I run Cyrus-IMAPD on another server and the default password in the install of Cyrus is "CYRUS" user and "CYRUS" password - I get at least 5 password attempts per day with that same user/pass combination. (Yes, I changed it!)
4. Restrict originating IPs to SSH to only accept your local subnet or a range of trusted IPs.
5. Use a key-based auth mechanism rather than password. It's my understanding that the key is never sent, only a hash of the key. The target system compares the hash against its hash of the key, and if it matches, cool.
6. IPSec (or some other VPN), which is quite problematic cross-platform.

Dave McNett wrote:
>IMO, your best defence is leaving ssh's default setting which disallows
>root logins entirely. There's no reason for a remote user to ever have
>to log in as root. Root access should be obtained by a logged-in normal
>user using sudo, or su.

Weird thing is, I never touched the default SSH setting and I log in as root just fine. FC2. Is this documented??

dean collins wrote:
>Colin, how do I find these logs on the [EMAIL PROTECTED] install?

Dunno about [EMAIL PROTECTED], on Fedora/RH, you want to examine the file /var/log/secure. Also, a telltale sign of trouble is when you log on as you in SSH, the console will say the last successful logon. If that's not you, or someone you know, then you are in trouble.

_______________________________________________
Asterisk-Users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users
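
An added example, not part of the original message: a small Python audit that checks an sshd_config against items 1, 2, 4 and 5 of the summary above. The sample config and the function names are constructed for illustration; it reads global options only and assumes source restriction is expressed as AllowUsers user@host patterns.

```python
# Constructed sample config for illustration; not taken from the thread.
SAMPLE = """\
# /etc/ssh/sshd_config (sample)
Port 22
#PermitRootLogin no
PasswordAuthentication yes
AllowUsers alice bob@192.168.1.*
"""

def parse_global(text):
    """Collect global sshd_config options as {keyword: [values, ...]}."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out setting has no effect
        # Keywords are case-insensitive; "Keyword=value" is also accepted.
        fields = line.replace("=", " ", 1).split()
        key, values = fields[0].lower(), fields[1:]
        if key == "match":
            break  # Match blocks are conditional overrides; audit globals only
        opts.setdefault(key, []).extend(values)
    return opts

def audit(text):
    """Return findings, each prefixed with the summary item it relates to."""
    opts = parse_global(text)
    findings = []
    root = (opts.get("permitrootlogin") or [None])[0]
    if root is None:
        findings.append("1: PermitRootLogin not set; the build's default "
                        "applies, so set it to 'no' explicitly")
    elif root.lower() != "no":
        findings.append(f"1: PermitRootLogin is '{root}'; root can log in")
    ports = [int(p) for p in (opts.get("port") or ["22"])]  # sshd default is 22
    low = [p for p in ports if p <= 1024]
    if low:
        findings.append(f"2: listening on port(s) {low}, not above 1024")
    if not any("@" in u for u in opts.get("allowusers", [])):
        findings.append("4: no AllowUsers user@host pattern; restrict "
                        "source IPs elsewhere (e.g. firewall)")
    pw = (opts.get("passwordauthentication") or ["yes"])[0]  # default is yes
    if pw.lower() != "no":
        findings.append("5: PasswordAuthentication is not 'no'; "
                        "password guessing remains possible")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An unset PermitRootLogin is reported rather than assumed safe, because the compiled-in default differs between OpenSSH builds.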
