Questions concerning Security Log
Robert Spangler
bms at zoominternet.net
Sat Apr 9 23:38:47 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 08 April 2005 03:36, Dotan Cohen wrote:
> I see that the attacker is comming from multiple IP's. Although I
> currently do not ssh into this comupter, I would like to leave that
> option open. Acually, I would like to set that up as soon as possible.
> What should I block if I am being attacked by several IP's, but I do
> not want to block ssh altogether?
I would say move to another port other then 22 as others have suggested. No
one will know except you and they won't hammer your system.
Some please correct me if I am wrong!! Here is what I am planning in the
future.
I don't have SSH up on my system yet as I have not had enough time to look
into this yet, but this is what I am thinking.
I want to use double authentication when I put SSH live and here is how I want
to do this (should anyone know of a web page that layers this out I would be
thankful).
I would like to use trusted keys, I know some people don't like this but my
thought is that if the keys don't match the connection is dropped thus not
even allowing the person to attempt to log in using a user name and password.
Then after the key is correctly identified I still would like for the user to
log in as they would normally do. This would be how I would like double
authnetication to work.
- --
Regards
Robert
Smile... it increases your face value!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFCWGeb0xJrO8dQYHgRAqOkAKCDZPdyf3+/hPW+bOIffaBBFQERDACfXR0T
Ws5K1y1K3yMO8/ovzvwtI/o=
=Gp8f
-----END PGP SIGNATURE-----
More information about the users
mailing list