[NTLUG:Discuss] OpenSSH - Newbie Question #2
Brian Koontz
nlc at pongonova.net
Wed Jul 5 20:31:27 CDT 2006

Some time ago, I was the unfortunate victim of a successful SSH crack:
There is a test procedure during qmail installation that involves
creating a test user (eztest or something like that). I completely
forgot about it, and about 2 years later, wouldn't you know I got
cracked. Get this: I just happened to be logged in while they were
trying to install (not very successfully) a rootkit, so I was able to
pull the plug.

Nevertheless, that disk is no longer in service :) SSH access is
limited to two IP addresses of external machines that I have control
of; connection requests from other IP addresses are automatically
rejected. No root access, logins limited to only one username.

We all learn from our mistakes. If you think you've got a secure SSH
setup, think again, because it's probably not as secure as it could
be. Restrict everything you possibly can. Had I done so, there's a
good possibility I wouldn't have been cracked.

--Brian

On Wed, Jul 05, 2006 at 08:27:35PM -0500, Chris Cox wrote:
> Terry Henderson wrote:
> > Not permitting root login is a good security measure, IMO.
> >
> > Change
> > PermitRootLogin yes
> > to
> > PermitRootLogin no
>
> Yes definitely. But the bots, if you've been plagued by them,
> try random "normal" usernames as well.
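
Added example, not part of the original thread: a small Python audit that checks sshd_config text for the three restrictions described in the message above (no root login, one allowed username, logins tied to specific source addresses). It assumes the address limit is expressed with `AllowUsers user@host` patterns, which is only one way to do it; the sample configs, the username `brian` and the 192.0.2.x addresses are constructed.

```python
# Constructed sample configs (192.0.2.0/24 is a documentation range).
WEAK = """\
# forgotten test account still allowed, root login on
PermitRootLogin yes
AllowUsers brian eztest
"""
HARDENED = """\
PermitRootLogin no
AllowUsers brian@192.0.2.10 brian@192.0.2.20
"""

def parse_global(text):
    """Map lowercased keyword -> list of argument lists (global section only)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break  # Match blocks are conditional overrides; stop at the first one
        opts.setdefault(key, []).append(args)
    return opts

def audit(text, max_users=1):
    """Return a list of findings; an empty list means all checks passed."""
    opts = parse_global(text)
    findings = []
    # For a single-valued keyword sshd keeps the first value it reads.
    root = opts.get("permitrootlogin", [["(unset)"]])[0]
    if [a.lower() for a in root] != ["no"]:
        findings.append(f"PermitRootLogin is {' '.join(root)}, not 'no'")
    # Multiple AllowUsers lines accumulate into one pattern list.
    patterns = [p for args in opts.get("allowusers", []) for p in args]
    if not patterns:
        findings.append("no AllowUsers: logins are not limited to named accounts")
        return findings
    users = set()
    for p in patterns:
        user, at, host = p.partition("@")
        users.add(user)
        if not at or not host or set(host) & set("*?"):
            findings.append(f"AllowUsers '{p}' is not tied to a specific host")
    if len(users) > max_users:
        findings.append(f"{len(users)} usernames allowed: {sorted(users)}")
    return findings
```

Keywords are matched case-insensitively, so the output of `sshd -T` can be passed in to audit the effective configuration instead of the file.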