Antti J. Huhtala wrote:
You should also set up SSH to only use key pairs to allow logins. Not username/password logins. This will foil "dictionary" attacks. If you do need to allow username/password logins, use one of the rate limiting packages to block the attacker after 3 or four failed logins in a row, or more than x attempts from one IP address in a short period of time. Picking good passwords helps as well.

A spot of overkill, perhaps? In my modest experience my Linux box has been compromised three (3) times that I know of. The first was an RH 6.2 box, and my present box has been invaded twice, first during the FC6 era and then soon after my F8 installation last December. Each and every time the invader came in through ssh.

Against my better judgement in installing F8 I allowed ssh to remain a "secure service" as suggested by the F8 installer. Well, it proved not to be. There seem to be some "sportsmen" out there who just can't resist the temptation of an open ssh port.

Now, if I plan to use ssh to connect to my box from a remote location, I'm going to have iptables rules to allow ssh only from known addresses. Not very flexible, perhaps, but I don't want to allow these sportsmen in again. In each case, just wiping the installation clean and reinstalling with ssh port closed seems to have done the trick.

My 2 c.

Antti
Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!
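
The rate-limiting rule mentioned in the thread (block after a few failed logins in a row, or after more than x attempts from one IP address in a short period), sketched as an added example that is not part of the original messages. The function name, the thresholds and the sample sshd log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual sshd syslog layout (not from the thread).
SAMPLE_LOG = """\
Jan 12 03:14:01 box sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 12 03:14:03 box sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jan 12 03:14:05 box sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40122 ssh2
Jan 12 09:00:10 box sshd[2200]: Failed password for alice from 192.0.2.10 port 51000 ssh2
Jan 12 09:00:20 box sshd[2200]: Accepted password for alice from 192.0.2.10 port 51000 ssh2
Jan 12 11:30:00 box sshd[2300]: Failed password for bob from 198.51.100.9 port 52000 ssh2
Jan 12 11:30:05 box sshd[2300]: Failed password for bob from 198.51.100.9 port 52000 ssh2
Jan 12 11:30:09 box sshd[2300]: Accepted password for bob from 198.51.100.9 port 52000 ssh2
Jan 12 11:30:20 box sshd[2301]: Failed password for carol from 198.51.100.9 port 52001 ssh2
Jan 12 11:30:25 box sshd[2301]: Failed password for carol from 198.51.100.9 port 52001 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) \S+ "
                  r"for (?:invalid user )?\S+ from (\S+) port")

def addresses_to_block(log_text, max_in_a_row=3, max_attempts=3,
                       window=timedelta(minutes=1), year=2008):
    """Return {ip: reason} for every source address that trips either rule."""
    streak = defaultdict(int)    # failures since the last successful login
    recent = defaultdict(deque)  # failure timestamps inside the sliding window
    blocked = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, outcome, ip = m.groups()
        if outcome == "Accepted":
            streak[ip] = 0       # a success ends the "in a row" count only
            continue
        # syslog omits the year, so it is supplied by the caller (assumption)
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        streak[ip] += 1
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if ip in blocked:
            continue
        if streak[ip] >= max_in_a_row:
            blocked[ip] = "consecutive"
        elif len(q) > max_attempts:
            blocked[ip] = "rate"
    return blocked

if __name__ == "__main__":
    for ip, reason in addresses_to_block(SAMPLE_LOG).items():
        print(ip, reason)
```

A single mistyped password followed by a successful login (192.0.2.10 in the sample) trips neither rule, while an address that mixes failures with the occasional success is still caught by the per-window count.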