Re: SSH Attacks - What to do?

[Nathaniel Reindl <fiction@sdf.lonestar.org>]

On Wed, Jul 27, 2005 at 03:31:40PM -0500, Jimmy Buitt wrote:
> 1.) Set up public and private keys for you and your son and only allow 
> public-key authentication.  See the OpenSSH documentation or contact me 
> off-line for help with that.

Setting up SSH keys is smart to begin with.  This allows SSH to bypass
the requirement of sending your password across the wire through a
public-private key encryption scheme.

Only allowing public and private keys is smart only in the case that you
won't ever add users to your system or if you don't mind opening up a
timed window to allow them to log in for a first time and set up keys.

> 2.) Set SSH to use a different port (e.g. 2022).  This won't completely 
> prevent SSH scans but it will sure lessen them.

This makes things a little awkward, but if you're only aiming to lessen
the scans, it's a viable solution.  It offers no more security than
running on port 22.

> 3.) Put an "AllowUsers user1 user2 .." line in your /etc/ssh/sshd_config 
> file to only allow specific users to your system.

See also my first comment, sans the point of public keys.

Frankly, though, nothing beats a difficult to guess password (ask Steve
for his random password script) on root and all crucial interactive
accounts.  I personally do this, and I reprimand (or just flat out kick
off) users who don't provide secure passwords.

-- 
Nathaniel Reindl    http://www.corvidae.org/
    unemployed monkey (hire me!) and college student
    class schedule: http://www.corvidae.org/schedule.html
Fedora Core 4 kernel 2.6.12-1.1398_FC4 on an AMD Opteron 240

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.