Paul Howarth wrote:
| belongs to which "actual" user. Using suitably strong passwords (or
| certificates) is probably a better fix.
Another trick to avoid these automated ssh scripts is to move off port 22. (Don't use 12345, pick a random port)
Edit the line near the top of /etc/ssh/sshd_config
Port 12345
and
iptables -I INPUT -ptcp --dport 12345 -j ACCEPT
or
iptables -I INPUT -ptcp --dport 12345 -s 192.168.0.0/16 -j ACCEPT
(only allows connects from 192.168.*.* ... don't use if your IP might change subnet, e.g., cablemodem user, or you might get locked out of your server!)
on the command line and copied to /etc/rc.local (or apparently service iptables save, but I am too crunchy to have tried that)
and
service sshd restart
and voila, port 22 is closed and is uninterested in evil scripts, and port 12345 is where your ssh is at. To use the alternative port it is marginally more grief:
ssh -p12345 user@host
scp -P12345 user@host:/path destination
(note capital P on SCP switch).
-Andy
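A pre-restart check for the port move described in the message above, as an added example that is not part of the original post: it confirms that every Port set in an sshd_config has a matching INPUT ACCEPT rule before `service sshd restart` is run, which is the lockout case the message warns about. The function names are hypothetical, the rules file is assumed to be `iptables-save` output, and Port lines are assumed to be whitespace-separated.

```shell
#!/bin/sh
# Added example: sanity check before restarting sshd on a new port.
# Usage: sh check.sh /etc/ssh/sshd_config rules.txt   (rules.txt from iptables-save)

# Print every port sshd would listen on (default 22 when no Port line is set).
# Commented-out lines such as "#Port 22" are ignored.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Succeed if the iptables-save style dump in $2 has an INPUT ACCEPT rule
# for TCP destination port $1 (exact port match, so 22 does not match 2222).
port_accepted() {
    grep -E -- "^-A INPUT .*-p tcp .*--dport $1( |\$)" "$2" | grep -q -- '-j ACCEPT'
}

# Return 0 only if every configured sshd port is accepted by the rules.
check_move() {
    rc=0
    for p in $(sshd_ports "$1"); do
        if port_accepted "$p" "$2"; then
            echo "ok: port $p has an ACCEPT rule"
        else
            echo "LOCKOUT RISK: no ACCEPT rule for port $p" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: config already moved to 12345, firewall still only allows 22.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '#Port 22' 'Port 12345' > "$d/sshd_config"
    printf '%s\n' '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' > "$d/rules"
    check_move "$d/sshd_config" "$d/rules"; rc_demo=$?
    rm -rf "$d"
    return $rc_demo
}

if [ "$#" -eq 2 ]; then check_move "$1" "$2"; exit $?; fi
```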