[Full-Disclosure] Re: Re: Any update on SSH brute force attempts?

From: Dave Ewart (Dave.Ewart_at_cancer.org.uk)
Date: 10/18/04

    To: full-disclosure@lists.netsys.com
    Date: Mon, 18 Oct 2004 14:01:41 +0100
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Monday, 18.10.2004 at 06:41 -0500, Ron DuFresne wrote:

    > > > What are you doing/changing about your SSH configurations to
    > > > reduce the possibility of these attacks finding any kind of hole
    > > > in the OpenSSH software (that's what I run, so that's the only
    > > > version I'm particularly concerned about) ? Are you doing
    > > > anything at all?
    > >
    > > Attacks on my system seemed to be restricted to root, so I set the
    > > 'PermitRootLogin without-password' option, so that no root logins
    > > using a password were possible - must be RSA key. I also switched
    > > to non-standard port.
    >
    > Why not just disallow root logins directly, and force someone with a
    > valid user account to su after getting a shell? It was my impression
    > that was more standard, and if one has to allow remote root directly,
    > at least restrict it to specific systems and users. All the places I
    > have worked for forced the su after shell to root.

    Well yes, that's fair enough - however, allowing direct root access does
    make certain things more straightforward, automated use of 'scp' etc.

    Dave.
    --
    Dave Ewart
    Dave.Ewart@cancer.org.uk
    Computing Manager, Epidemiology Unit, Oxford
    Cancer Research UK
    PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370


    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
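The thread turns on a few sshd_config keywords (PermitRootLogin, PasswordAuthentication, Port). As an added example that is not part of the original posts, the script below audits a constructed sshd_config for those settings; the sample config and the audit_config/effective_value helpers are hypothetical names, not from OpenSSH itself. It also shows a subtlety worth checking: sshd uses the first value given for a keyword, so a hardening line added after an earlier 'PermitRootLogin yes' is silently ignored.

```shell
#!/bin/sh
# Added example (not from the original thread): audit an sshd_config for the
# settings discussed above. sshd takes the FIRST value given for a keyword
# (outside Match blocks), so a later hardening line does not override it.

# Constructed sample config (hypothetical), not taken from any real host.
SAMPLE_CONFIG='# sample sshd_config
Port 2222
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin without-password
Match Address 192.0.2.10
    PermitRootLogin without-password
'

# effective_value KEYWORD CONFIG_TEXT
# Prints the first value of KEYWORD that appears before any Match block,
# matching keywords case-insensitively as sshd does.
effective_value() {
    printf '%s\n' "$2" | awk -v key="$1" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }'
}

# audit_config CONFIG_TEXT
# Prints one finding per keyword; the return value is the number of weak settings.
audit_config() {
    weak=0
    root=$(effective_value PermitRootLogin "$1")
    pw=$(effective_value PasswordAuthentication "$1")
    case "$root" in
        yes) echo "WEAK: PermitRootLogin yes (first value wins; later lines ignored)"
             weak=$((weak + 1)) ;;
        without-password|prohibit-password)
             echo "INFO: PermitRootLogin $root (root allowed with keys only)" ;;
        no)  echo "OK: PermitRootLogin no" ;;
        "")  echo "NOTE: PermitRootLogin unset; default is version-dependent" ;;
        *)   echo "INFO: PermitRootLogin $root" ;;
    esac
    case "$pw" in
        no) echo "OK: PasswordAuthentication no" ;;
        *)  echo "WEAK: PasswordAuthentication '${pw:-unset, defaults to yes}'"
            weak=$((weak + 1)) ;;
    esac
    echo "INFO: Port $(effective_value Port "$1")"
    return $weak
}
```

Run it against a real file with `audit_config "$(cat /etc/sshd_config)"`, or compare the findings with `sshd -T`, which prints the values sshd actually resolved.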

