Jay Libove <[EMAIL PROTECTED]> writes: > What are you doing/changing about your SSH configurations to reduce the > possibility of these attacks finding any kind of hole in the OpenSSH > software (that's what I run, so that's the only version I'm particularly > concerned about) ? Are you doing anything at all?
One or more of the following, depending on local requirements: * Run on a non-standard port - this will stop brain-dead scanning programs * Use key-based auth instead of passwords * Restrict what IP addresses are allowed to connect (at your firewall) * Disable root logins * Use john or crack to audit password strength * Use logwatch or similar to monitor failed login attempts * Make a honeypot and see what techniques people are trying out (Everyone's forcing version 2 of the protocol, right?) cheers, Jamie -- James Riden / [EMAIL PROTECTED] / Systems Security Engineer Information Technology Services, Massey University, NZ. GPG public key available at: http://www.massey.ac.nz/~jriden/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
