Hi Barbie (and list),

On Wed, Jun 10, 2009 at 16:24, Barbie<[email protected]> wrote:
> It appears the problem was that the account for 'nobody' was
> compromised. As such I've disabled the account and several others that
> should not have remote access.
>
> The non-standard port wouldn't have worked necessarily in this case, the
> attack was scanning ports too :( However, I think sshblack will help in
> this regard :)

Two things that may also help (if you're not doing them already) are
setting the following in the sshd_config file (that is usually located
in /etc/ssh):

1 - Disable root logins via SSH (probably, you're already doing this)

To do this, change the "PermitRootLogin" directive to "no". Usually this
directive already exists in the sshd_config file, but it may be set to
"yes" or be commented out. So, the line should read as follows:

PermitRootLogin no

2 - Allow only some users, preferably with hard-to-guess usernames, to
log in.

To do this, add a line with the "AllowUsers" directive (that line is
usually *missing* from the sshd_config file).

So, let's say that you wanted only the users called "barbiedoll" and
"othertoy" to log in. First, naturally, you'd create them in the shell
with the "useradd" command and set passwords for them with the "passwd"
command. Then you'd add those usernames, separated by spaces, in the
following line of the sshd_config file:

AllowUsers barbiedoll othertoy

When you use the AllowUsers directive in the sshd_config file, *only*
the users listed in that directive will be able to log in with Secure
Shell.

As you'd expect, after making these changes, you have to restart the ssh
daemon. To avoid "locking yourself out", it may be prudent to have a
second ssh session opened, so you can make some changes to the setup, if
necessary.

So, with this setup, you'd now log in to SSH with username "barbiedoll"
or "othertoy" and then, if you wanted to be "root", you'd type the
"su -" command and enter the root password.

BTW: This is my first post in this "CPAN Testers Discuss" mailing list.
I hope this info is helpful to you (and others). Apologies if you knew
all this already! :)

Best wishes,

Ricardo Dias Marques
lists AT ricmarques DOT net
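The two sshd_config settings described in the message above can be checked before the daemon is restarted. The following is an added example, not part of the original post: the function names and both sample files are constructed for illustration, and it assumes the configuration uses no Include directives.

```python
import re

# Constructed sample: root login only commented out, no AllowUsers line.
BEFORE = """\
#PermitRootLogin yes
PasswordAuthentication yes
"""

# Constructed sample with both settings from the message applied.
AFTER = """\
PermitRootLogin no
AllowUsers barbiedoll othertoy
# A later duplicate is ignored: sshd keeps the first value it reads.
permitrootlogin yes
Match Address 192.0.2.0/24
    AllowUsers backupuser
"""

def global_settings(text):
    """Return (PermitRootLogin value, AllowUsers names) from the global section."""
    permit_root, allow_users = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                    # a commented-out directive sets nothing
        m = re.match(r"(\w+)[\s=]+(.*)", line)
        if not m:
            continue
        key, args = m.group(1).lower(), m.group(2).split()  # keywords ignore case
        if key == "match":
            break                       # what follows applies only conditionally
        if key == "permitrootlogin" and permit_root is None and args:
            permit_root = args[0].lower()
        elif key == "allowusers":
            allow_users.extend(args)    # AllowUsers lines accumulate
    return permit_root, allow_users

def audit(text):
    """List the ways the file departs from the two recommended settings."""
    permit_root, allow_users = global_settings(text)
    findings = []
    if permit_root != "no":
        findings.append("PermitRootLogin is %s, expected no" % (permit_root or "unset"))
    if not allow_users:
        findings.append("no AllowUsers line, logins are not limited to named users")
    return findings

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(sample) or "ok")
```

To check a real system, pass the contents of /etc/ssh/sshd_config to `audit()`; running `sshd -t` before the restart also checks the file for syntax errors.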
