Re: MORE SSH Hacking: heads-up

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



David L Norris wrote:

On Sat, 2004-07-31 at 00:12 -0700, Michael wrote:


People seem to be going through great efforts to counter something that
isn't all that uncommon. Sometimes the simplest things are left out of the
discussion. Why hasn't anybody said anything about disableing root logons
via ssh? (isn't this pretty much standard proceedure to public systems?)



Exactly... Don't enable remote login for anyone who doesn't need it.

On all my systems I create a "remote" group and add only those users who
are responsible enough to have shell access.  Then
in /etc/ssh/sshd_config I add the following:

PermitRootLogin no
AllowGroups remote

On critical systems I use only SSH keys:
PasswordAuthentication no


Many people seem to think that SSH magically makes their systems safe from intrusion. Without requiring keys SSH is as insecure as the least secure service on the machine.



Thanks for the tips on seting up remote users and using keys on critical systems.

I used SSH only to get into a test machine w/ a crashing X. It seemed extremely easy to get into the other computer. I knew the other passwords to the computer I logged into, but still an easy process. I didn't seem to be a real safe process w/ passwords allowed.

I don't normally use SSH for my own computer systems. Transferring files to one computer to another is more my use for remote machines. SSH might be useful for remote admin, but walking to the other machine is just as easy in a home network.

Thanks!

Jim



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux