On 12/23/05, Dominic Maraglia <[EMAIL PROTECTED]> wrote: > > So, in this situation, what action would you take? > > Thanks, > Dominic
Some things that I do to cut down on the number of these is to edit /etc/ssh/sshd_config and... 1) set Port to something other than 22. This alone helps a lot because many of these attacks are scripted and only look for ssh servers on the default port. 2) set PermitRootLogin to no which prevents root from logging-in directly. Users that need root access remotely can login with their normal account first and then su to root. (This is the default in TSL but I mention it since it sounds like you may not be using TSL on this box.) Some distros, like TSL, require that users be in a specific group to be allowed to su to root and others don't. 3) set ChallengeResponseAuthentication to no which completely disallows password-based authentication. Then setup ssh keys for your users. http://www.trustix.org/wiki/index.php/Use_key_based_authentication Hope that helps _______________________________________________ tsl-discuss mailing list [email protected] http://lists.trustix.org/mailman/listinfo/tsl-discuss
