[NTLUG:Discuss] OpenSSH - Newbie Question #2
Terry Henderson
trryhend at gmail.com
Wed Jul 5 23:18:55 CDT 2006
On 7/5/06, Brian Koontz <nlc at pongonova.net> wrote:
> Some time ago, I was the unfortunate victim of a successful SSH crack:
> There is a test procedure during qmail installation that involves
> creating a test user (eztest or something like that). I completely
> forgot about it, and about 2 years later, wouldn't you know I got
> cracked. Get this: I just happened to be logged in while they were
> trying to install (not very successfully) a rootkit, so I was able to
> pull the plug.
>
> Nevertheless, that disk is no longer in service :) SSH access is
> limited to two IP addresses of external machines that I have control
> of; connection requests from other IP addresses are automatically
> rejected. No root access, logins limited to only one username.
>
> We all learn from our mistakes. If you think you've got a secure SSH
> setup, think again, because it's probably not as secure as it could
> be. Restrict everything you possibly can. Had I done so, there's a
> good possibility I wouldn't have been cracked.
>
> --Brian
Give us a couple details about your two break-in events if you don't mind.
Did they ssh in as root?