MORE SSH Hacking: heads-up
Jim Cornette
fc-cornette at sbcglobal.net
Sun Aug 1 16:38:35 UTC 2004
David L Norris wrote:
>On Sat, 2004-07-31 at 00:12 -0700, Michael wrote:
>
>
>>People seem to be going through great efforts to counter something that
>>isn't all that uncommon. Sometimes the simplest things are left out of the
>>discussion. Why hasn't anybody said anything about disableing root logons
>>via ssh? (isn't this pretty much standard proceedure to public systems?)
>>
>>
>
>Exactly... Don't enable remote login for anyone who doesn't need it.
>
>On all my systems I create a "remote" group and add only those users who
>are responsible enough to have shell access. Then
>in /etc/ssh/sshd_config I add the following:
>
>PermitRootLogin no
>AllowGroups remote
>
>On critical systems I use only SSH keys:
>PasswordAuthentication no
>
>
>Many people seem to think that SSH magically makes their systems safe
>from intrusion. Without requiring keys SSH is as insecure as the least
>secure service on the machine.
>
>
>
Thanks for the tips on seting up remote users and using keys on critical
systems.
I used SSH only to get into a test machine w/ a crashing X. It seemed
extremely easy to get into the other computer. I knew the other
passwords to the computer I logged into, but still an easy process. I
didn't seem to be a real safe process w/ passwords allowed.
I don't normally use SSH for my own computer systems. Transferring
files to one computer to another is more my use for remote machines. SSH
might be useful for remote admin, but walking to the other machine is
just as easy in a home network.
Thanks!
Jim
More information about the fedora-list
mailing list