Personally, I prefer: "AllowGroups ssh" so that I have to give a user explicit ssh access by adding him/her to the ssh group.
Of course, root is not in this group :p

-----Original Message-----
From: Rolf Kutz [mailto:[EMAIL PROTECTED]
Sent: Wednesday 29 September 2004 23:48
To: [EMAIL PROTECTED]
Cc: Noah Meyerhans
Subject: Re: [sec] Re: failed root login attempts

* Quoting Phillip Hofmeister ([EMAIL PROTECTED]):

> On Tue, 28 Sep 2004 at 09:18:51PM -0400, Noah Meyerhans wrote:
> > That doesn't seem to be the case. The most common one uses
> > root/test/guest, but there are more that seem to be based on the same
> > code. They all disconnect by sending the string "Bye Bye", e.g.:
> > sshd[13613]: Received disconnect from 64.246.26.19: 11: Bye Bye
> >
> > I've seen many more aggressive root login attempts, as well as 'admin'
> > and a number of other users.
> >
> > The somewhat unsettling thing that I'm wondering about is whether these
> > machines are all sharing some big central password dictionary and are
> > logging their attempted passwords to some central database. It ends up
> > being some massive distributed dictionary attack, which I doubt is going
> > to work on my systems, but I'm 100% sure that there are systems out
> > there with weak root passwords.
>
> Best practices suggest:
>
> PermitRootLogin no

Why not:

PasswordAuthentication no
UsePAM no

- Rolf
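A small auditor for the sshd_config settings suggested in this thread (AllowGroups, PermitRootLogin no, PasswordAuthentication no, UsePAM no), added here as an example and not written by any of the posters. The sample config is constructed, and treating an unset option as a finding is an assumption, since defaults differ between OpenSSH versions.

```python
import re

# Constructed sample config for the demo; not taken from the thread.
SAMPLE = """\
PermitRootLogin yes
permitrootlogin no
PasswordAuthentication no
UsePAM yes
Match User backup
    PasswordAuthentication yes
"""

def parse(text):
    """Return (global_opts, match_opts), each {keyword: [values]} in file order.
    Keywords are lower-cased because sshd treats them case-insensitively."""
    glob, match = {}, {}
    target = glob
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        val = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            target = match  # everything after a Match line is conditional
            continue
        target.setdefault(key, []).append(val)
    return glob, match

def audit(text):
    """List the thread's hardening suggestions that the config does not meet."""
    glob, match = parse(text)
    first = lambda k: glob.get(k, [None])[0]  # sshd uses the first value it reads
    findings = []
    if first("permitrootlogin") != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    if first("passwordauthentication") != "no":
        findings.append("PasswordAuthentication is not explicitly 'no'")
    elif first("usepam") != "no" and "no" not in (
            first("challengeresponseauthentication"),
            first("kbdinteractiveauthentication")):
        findings.append("passwords may still be accepted via PAM keyboard-interactive")
    if "allowgroups" not in glob:
        findings.append("no AllowGroups restriction")
    for key in ("permitrootlogin", "passwordauthentication"):
        if any(v != "no" for v in match.get(key, [])):
            findings.append(f"a Match block overrides {key}")
    return findings
```

In the sample, the later `permitrootlogin no` line has no effect because the earlier `yes` is read first, and the `Match` block reopens password logins for one user even though the global setting is `no`.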

