On Wed, 13 Feb 2002, Peter Beardsley wrote:
> Feb 12 20:00:37 xxx sshd(pam_unix)[18540]: authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=216.72.153.69
> user=xxxxxxxxxx
[...]
> So somehow s/he got the username.

User names are often not that hard to find out. According to the log you post, they did not succeed in authenticating (logging in), so they did not have a suitable password. If your passwords are good, you should be reasonably safe.

> BTW I require ssh v2 connections.

Make sure you've got the latest-and-greatest version of OpenSSH installed (3.x something). Require strong ciphers. Disable anything that even mentions "rhosts". For maximum security, disable password authentication and require public/private keys.

> I've read a little here and there about "monkey in the middle" attacks on
> ssh, but don't you have to be on the same subnet?

All that is required for a man-in-the-middle attack is that the attacker be in a position to intercept and replace communications in both directions. Being on the same subnet as one of the parties may or may not enable this.

A good explanation (complete with diagram) of the concept of a man-in-the-middle attack can be found on this webpage:

http://www.sm.luth.se/csee/courses/smd/102/lek5/lek5.html

Here is another, specifically about SSH:

http://www.vandyke.com/solutions/ssh_overview/ssh_overview_threats.html

--
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or |
| organization. All information is provided without warranty of any kind. |
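An added example (not part of the original message): a small Python tally of `sshd(pam_unix)` authentication-failure lines in the format quoted above, grouped by `rhost`, showing which sources keep failing and which user names they try. The sample log lines, host name, addresses, user names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the pam_unix format quoted in the message.
# Addresses come from documentation ranges; user names are placeholders.
SAMPLE_LOG = """\
Feb 12 20:00:37 host1 sshd(pam_unix)[18540]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=alice
Feb 12 20:00:41 host1 sshd(pam_unix)[18541]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=bob
Feb 12 20:00:45 host1 sshd(pam_unix)[18542]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10
Feb 12 20:03:02 host1 sshd(pam_unix)[18550]: session opened for user alice by (uid=0)
Feb 12 20:05:10 host1 sshd(pam_unix)[18560]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=alice
"""

FAILURE = re.compile(r"sshd\(pam_unix\)\[\d+\]: authentication failure; (?P<fields>.*)$")

def parse_failure(line):
    """Return the key=value fields of a pam_unix sshd failure line, or None."""
    m = FAILURE.search(line)
    if not m:
        return None
    fields = {}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value  # empty values (e.g. "logname=") stay empty
    return fields

def summarize(log_text):
    """Map each rhost to its failure count and the set of user names tried."""
    summary = defaultdict(lambda: {"failures": 0, "users": set()})
    for line in log_text.splitlines():
        fields = parse_failure(line)
        if fields is None or not fields.get("rhost"):
            continue
        entry = summary[fields["rhost"]]
        entry["failures"] += 1
        # The user= field may be absent or empty; record that case explicitly.
        entry["users"].add(fields.get("user") or "<unknown account>")
    return dict(summary)

def suspicious_sources(summary, min_failures=3, min_users=2):
    """Hosts that failed repeatedly or tried several distinct user names."""
    return sorted(h for h, e in summary.items()
                  if e["failures"] >= min_failures or len(e["users"]) >= min_users)

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for host in suspicious_sources(result):
        print(host, result[host]["failures"], sorted(result[host]["users"]))
```

A single failure for one known user name, as in the quoted log, stays below both thresholds; a source cycling through names does not.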
