Re: Nice Slashdot article of interest

From: David (shadoweyez_at_hotpop.com)
Date: 07/17/05

  • Next message: Nico Kadel-Garcia: "Re: Nice Slashdot article of interest" 
    Date: Sun, 17 Jul 2005 05:36:28 GMT

    Angry American wrote:
    > "David" <shadoweyez@hotpop.com> wrote in message
    > news:pJhCe.4462$p%3.27321@typhoon.sonic.net...
    >
    >><snip>
    >>1. Deny root login - this should be standard practice anyway.
    >
    >
    > Done
    >
    >
    >>2. Use non-standard user names. Names like admin, apache, and sql
    >>are all standard and are common user name targets.
    >
    >
    > Done
    >
    > Consider the
    >
    >>AllowUser name1,name2,name3... line in the sshd_config file to _only_
    >>allow specific user names in.
    >
    >
    > AllowUser name1,name2,name3 correct syntax?
    >
    Sorry, I was thinking about some other config file.
    Try:
            AllowUser name1 name2 name2

    BTW - when I tried it worked as advertised but it seemed that after I
    typed the user name and before I saw the password prompt there was a
    longer delay than normal. I'm assuming this is due to the fact that
    sshd is internally cross referencing AllowUser names with what's in
    /etc/passwd or a LADP database but I'm not sure. Anyone else experience
    this few second delay after enabling AllowUser?

    >
    >>3. Use strong passwords, which I'm sure anyone reading this knows
    >>what a strong password is. Strong passwords are almost _never_ in
    >>the dictionaries.
    >
    > Done.
    >
    > Thanks for the advice. One other question, where are the logs specific to
    > SSH and to SFTP located, or what are they usually called. I am using Suse
    > 9.3.
    >
    > Thanks again,
    >
    > Dan
    >
    >
    Not sure about SuSe, but on my gentoo they are in /var/log/sshd (sshd
    specific stuff, including ssh password failures) or /var/log/pwdfail
    (for all password failures). You can control sshd (and other programs)
    log locations in your syslog config files.

  • Next message: Nico Kadel-Garcia: "Re: Nice Slashdot article of interest"

    Relevant Pages

    • Re: how would openssh react face to an attack ?
      ... >but how would it react face to an attack? ... account after X password failures. ... if the OS doesn't support lockout then sshd doesn't either. ... Good judgement comes with experience. ...
      (comp.security.ssh)
    • Re: how would openssh react face to an attack ?
      ... >>we know openssh is secure and so on ... > account after X password failures. ... if the OS doesn't support lockout then sshd doesn't either. ...
      (comp.security.ssh)
    • Re: how would openssh react face to an attack ?
      ... >>>we know openssh is secure and so on ... >> account after X password failures. ... if the OS doesn't support lockout then sshd doesn't either. ... But you can disable password authentication and use keys only. ...
      (comp.security.ssh)