brute force ssh attack
John Summerfied
debian at herakles.homelinux.org
Wed May 4 00:55:57 UTC 2005
Deron Meranda wrote:
> On 4/27/05, Aleksandar Milivojevic <amilivojevic at pbl.ca> wrote:
>
>>Daniel Kirsten wrote:
>>
>>>there are numerous brute force ssh attacks in the web.
>>>I was quite curious, and for fun, I created the typical
>>>user accounts and set easy to guess passwords....
>>
>>Generally, very bad idea. Unless you know exactly what you are doing,
>>which you obviously don't.
>
>
> Also, learn to use ssh RSA keys rather than allowing ssh passwords.
> Even if you have keys you still need to disable passwords for it
> to be secure. Doing that prevents dictionary password-guessing
> attacks. To disable ssh password access, edit /etc/ssh/sshd_config
> and set
>
> PasswordAuthentication no
>
> You may also want to disable root via ssh as well with
>
> PermitRootLogin no
>
> (After changing config either reboot or 'service sshd restart')
The first of _my_ boxes to be cracked now has ssh logins w/o passwords,
and firewall rules to allow ssh login only from select parts of the
world. No access to Americans, Russians or Israelis.
However, I do think that's more than necessary. I use a password
generator (expect has one, but there are alternatives).
I'm prepared to assume that this (defunct) password is unguessable:
q64bxjdc and that word combinations such as amaze-egg and listansett are
good enough.
One does need to watch word length though: I used calamityjane (on RHL
4.2) for some time, later discovered it was equivalent to calamityj.
--
Cheers
John
-- spambait
1aaaaaaa at computerdatasafe.com.au Z1aaaaaaa at computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
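The sshd_config advice quoted above (PasswordAuthentication no, PermitRootLogin no, then restart sshd) is easy to get wrong in one way the thread does not mention: sshd uses the first value it finds for a keyword, so a hardening line appended below an existing "PasswordAuthentication yes" has no effect. The following audit script is an added example, not code from anyone in this thread; the two sample configs it checks are constructed for illustration, and the function names are my own.

```shell
#!/bin/sh
# Audit an sshd_config for the two settings discussed in the thread.
# sshd takes the FIRST occurrence of a keyword outside Match blocks, so a
# hardened "PasswordAuthentication no" placed below an earlier "yes" is ignored.

# Print the effective value of KEYWORD in FILE (case-insensitive, first match
# wins, Match blocks skipped); prints "unset" if the keyword never appears.
sshd_effective() {
    keyword=$1
    file=$2
    awk -v kw="$(printf '%s' "$keyword" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                      # drop comments
        tolower($1) == "match" { inmatch = 1 }  # stop at the first Match block
        inmatch { next }
        tolower($1) == kw && !found { print tolower($2); found = 1 }
        END { if (!found) print "unset" }
    ' "$file"
}

# Return 0 if FILE explicitly sets both keywords to "no", 1 otherwise,
# printing a one-line verdict per keyword. An unset PasswordAuthentication
# means the sshd default (yes), so it is reported as a failure.
sshd_audit() {
    file=$1
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        val=$(sshd_effective "$kw" "$file")
        if [ "$val" = "no" ]; then
            echo "OK    $kw = no"
        else
            echo "FAIL  $kw = $val (expected no)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample configs (hypothetical, not from the thread).
WEAK_CFG=$(mktemp)
cat > "$WEAK_CFG" <<'EOF'
# password auth left on; the hardened line below is too late to take effect
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF

HARD_CFG=$(mktemp)
cat > "$HARD_CFG" <<'EOF'
PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication yes   # inside a Match block: not the global value
EOF

sshd_audit "$WEAK_CFG" || echo "weak config would still accept passwords"
sshd_audit "$HARD_CFG" && echo "hardened config: restart sshd to apply it"
```

On a live host, `sshd -T` prints the effective configuration after all parsing, which is the authoritative check once the daemon has been restarted (`service sshd restart` on the systems of the thread's era, `systemctl restart sshd` on most current ones).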