I usually set sshd to not allow root logins. Doesn't really make you
any safer in and of itself, of course (unless you also control who has
access to the su or sudo commands, for example), but it was presented to
me as a sort of best-practice. This is done by setting
"PermitRootLogin" to "no" in /etc/ssh/sshd_config (on a RH
system...can't speak for others necessarily).
You also may wish to consider, if it's feasible for your situation,
limiting sshd connections to certain IP addresses or ranges, such as by
using tcpwrappers (/etc/hosts.allow, /etc/hosts.deny) or iptables. Of
course, that's not a very scalable tactic, and is no good if you can't
always predict where you'll be when you need the ssh access.
~B
Lisa Boyd wrote:
I've been checking my Logwatch files and have noticed some failed
logins for root listed under sshd. I assume someone is trying to break
into my server, but is this something to seriously worry about?
Considering my root password is not a dictionary word ;)
Thanks!
Lisa B.
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
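
An added example, not part of the original emails: a Python check of the "PermitRootLogin" setting discussed in the reply above. It relies on sshd using the first value it obtains for a keyword and reports Match blocks that set the keyword again; the function names and the sample config are constructed for illustration, and Include directives are not followed.

```python
import re

# Constructed sample config (not from the thread). The second global
# PermitRootLogin line has no effect: sshd keeps the first value it reads.
SAMPLE = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
permitrootlogin no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
"""

def parse_root_login(config_text):
    """Return (global_value, [(match_criteria, value), ...]).

    global_value is None when the keyword is absent from the global
    section, in which case sshd's compiled-in default applies.
    """
    global_value, overrides, match = None, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd accepts both "Keyword value" and "Keyword=value";
        # keywords are case-insensitive.
        m = re.match(r"([A-Za-z0-9]+)\s*=?\s*(.*)", line)
        if not m:
            continue
        key, rest = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            match = rest              # everything below belongs to this block
        elif key == "permitrootlogin" and rest:
            value = rest.split()[0].strip('"').lower()
            if match is not None:
                overrides.append((match, value))
            elif global_value is None:
                global_value = value  # first global value wins
    return global_value, overrides

def root_login_findings(config_text):
    """List the reasons root may still be able to log in over ssh."""
    value, overrides = parse_root_login(config_text)
    findings = []
    if value is None:
        findings.append("PermitRootLogin not set globally: compiled-in default applies")
    elif value != "no":
        findings.append(f"global PermitRootLogin is '{value}', not 'no'")
    findings += [f"Match {c} sets PermitRootLogin {v}" for c, v in overrides if v != "no"]
    return findings
```

On a live system, `sshd -T` prints the effective configuration as sshd itself resolves it.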