On Tue, 2004-08-31 at 07:26, Andrew Graupe wrote: > People are trying to login via SSH as root or admin, and failing (thank > God). I have changed my firewall temporarily to only allow SSH from my > private subnet. I would ideally like to change this. What can I do? >
1) As mentioned, disable root login. 2) Change the ssh port to something obscure. 3) If possible, build a list of allowed ips and configure the firewall to let only them through. 4) You could also look into a key based authentication and disable password auth altogether. > I don't *think* anyone has broken in yet, but I can't be sure. I've never done it before, but I believe there are some standard kits to check for signs of a rooting. > > Regards, > > Andrew > > _______________________________________________ > clug-talk mailing list > [EMAIL PROTECTED] > http://clug.ca/mailman/listinfo/clug-talk_clug.ca _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
