On Sun, Jul 18, 2004 at 10:37:26PM +0800, Holden Hao wrote: > My logwatch has been reporting lately of several failed attempts of > somebody logging in to my ssh server. It is obvious from the logs that > somebody is trying to guess my root password. My only security > protection at this time is to disable root log-ins. > > I would like to know how the others here protect their ssh server.
Use key-based authentication and disable tunneled cleartext passwords altogether. With that in place barring a security hole in SSH itself (they are not unknown), you're essentially impervious to any password guessing attacks. Breaking security in this case will require obtaining the private key and its passphrase, which amounts to either obtaining a private key and guessing its passphrase from one of your trusted machines or breaking RSA or DSA, which even with the 1024-bit keys that ssh-keygen generates is impossible even for the NSA (unless they have some secret method of factoring or extracting discrete logarithms much faster than any publicly known one of course). See here for an explanation on how this is done: http://www.everything2.com/index.pl?node_id=1398887 (by the way, I wrote that particular article) -- dido Sans les mathematiques on ne penetre point au fond de la philosophie. Sans la philosophie on ne penetre point au fond des mathematiques. Sans les deux on ne penetre au fond de rien. -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
