Re: [incidents] Re: SSH bruteforce on its way...
From: Tim Kennedy (tim_at_timkennedy.net)
Date: 10/24/05
Date: Mon, 24 Oct 2005 18:21:25 +0000
To: Paul Robertson <compuwar@gmail.com>
On Thu, 20 Oct 2005, Paul Robertson wrote:
> 6.) Use AllowUsers to limit which accounts can use SSH.
As an addendum to 6., on most modern Linux systems[1], you can use
the pam_succeed_if.so PAM module to also perform some username
filtering, which can help prevent root access in the event of a
vulnerability on SSH. Also, since it just returns access denied,
as though you'd gotten the password wrong, it doesn't do anything
to confirm if accounts are valid or invalid for attackers.
In /etc/pam.d/sshd:

    account sufficient pam_succeed_if.so login = <username>
-Tim
[1] RedHat derived systems seem to all have this module, though I
know that Solaris does not.
--
Tim Kennedy                || There are 10 types of people on Earth.
http://public.xdi.org/=tck || Those who understand binary,
tim@timkennedy.net         || and those who don't.
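
An added example, not part of the original message: a small audit that lists the user names tested by pam_succeed_if rules in the account stack of /etc/pam.d/sshd, with their control flag, and compares them with AllowUsers in sshd_config. The sample file contents, the user names and all function names are constructed for illustration.

```python
# Constructed sample files for illustration; the user names are made up.
SAMPLE_PAM = """\
#%PAM-1.0
auth       include      system-auth
account    sufficient   pam_succeed_if.so login = alice
account    required     pam_succeed_if.so quiet user in alice:carol
account    required     pam_nologin.so
"""
SAMPLE_SSHD = """\
PermitRootLogin no
AllowUsers alice bob@10.0.0.*
"""

NAME_FIELDS = {"login", "user"}      # "login" as written in the post, "user" per pam_succeed_if(8)
DENYING = {"required", "requisite"}  # per pam.conf(5), a failed test under these fails the stack

def pam_name_rules(pam_text):
    """Return [(control, names)] for account-stack pam_succeed_if tests on the user name."""
    rules = []
    for raw in pam_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 6 or tok[0].lstrip("-") != "account":
            continue
        if tok[1].startswith("[") or not tok[2].endswith("pam_succeed_if.so"):
            continue  # bracketed [value=action] controls are skipped
        args = tok[3:]
        for i in range(len(args) - 2):
            field, op, value = args[i].lower(), args[i + 1], args[i + 2]
            if field in NAME_FIELDS and op in ("=", "in"):
                rules.append((tok[1], set(value.split(":")) if op == "in" else {value}))
    return rules

def sshd_allow_users(sshd_text):
    """Collect the user part of every AllowUsers pattern (the keyword is case-insensitive)."""
    users = set()
    for raw in sshd_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if tok and tok[0].lower() == "allowusers":
            users.update(p.split("@", 1)[0] for p in tok[1:])  # drop any @host part
    return users

def compare(pam_text, sshd_text):
    """Report names present in only one of the two filters, and rules that cannot deny."""
    rules = pam_name_rules(pam_text)
    pam_names = set().union(*(names for _, names in rules))
    allowed = sshd_allow_users(sshd_text)
    return {"pam_only": sorted(pam_names - allowed),
            "sshd_only": sorted(allowed - pam_names),
            "non_denying_rules": [(c, sorted(n)) for c, n in rules if c not in DENYING]}

if __name__ == "__main__":
    print(compare(SAMPLE_PAM, SAMPLE_SSHD))
```

On a real host, pass the contents of /etc/pam.d/sshd and sshd_config to `compare()`; any files pulled in through `include` lines are not followed.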