is this an intruder?

Bliss, Aaron ABliss at preferredcare.org
Sat Jan 7 19:25:12 UTC 2006


I would be careful of using the wheel group to allow ssh logins, as admins
typically use this group in the sudoers file to grant root access for non-root
users; granting the wheel group ssh logins as well as root access is
essentially allowing root access over ssh anyway, although an outside
attacker would at least have to guess the non-root user's id and password.

-----Original Message-----
From: Stephen Carville [mailto:stephen at totalflood.com] 
Sent: Saturday, January 07, 2006 9:40 AM
To: General Red Hat Linux discussion list
Subject: Re: is this an intruder?

Marty Landman wrote:

> Not sure if I'm reading this right as this is new to me but it appears 
> someone in Denmark spent about 10 minutes trying a variety of userids 
> to start an ssh session on my network gateway.

Yep!  If you do not need ssh, your best defense is to disable it.

Otherwise:

Turn off root login and designate a group for other ssh logins.  At home 
I just use "wheel."

In /etc/ssh/sshd_config:

PermitRootLogin  no
AllowGroups      wheel

Restart sshd

Put yourself and anyone else who must have ssh access in the group wheel. 
Make sure they have good passwords.

Other possible changes are to only allow ssh protocol 2 and to change 
the external port.  Check "Protocol", "Port" and "ListenAddress" in man 
sshd_config.

-- 
Stephen Carville <stephen at totalflood.com>
Unix and Network Admin
Nationwide Totalflood
6033 W. Century Blvd
Los Angeles, CA 90045
310-342-3602
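
Added example, not part of either message above: a small Python check for the overlap raised at the top of this thread, where a group named in AllowGroups also has a rule in sudoers. The sample file contents are constructed, and the parsing is simplified as an assumption: it stops at the first Match block and treats any %group rule in sudoers as granting sudo.

```python
import fnmatch
import re

# Constructed sample files for the demonstration (not taken from a real host).
SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
PermitRootLogin  no
AllowGroups      wheel
"""

SUDOERS = """\
# /etc/sudoers (constructed sample)
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
"""

def sshd_settings(text):
    """Return (PermitRootLogin value or None, list of AllowGroups patterns)."""
    root_login, groups = None, []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if key == "match":          # conditional blocks are out of scope here
            break
        if key == "permitrootlogin" and root_login is None and args:
            root_login = args[0].lower()   # sshd uses the first value it reads
        elif key == "allowgroups":
            groups.extend(args)            # repeated AllowGroups lines add up
    return root_login, groups

def sudo_groups(text):
    """Return the set of %group names that have any rule in sudoers text."""
    return set(re.findall(r"^%([A-Za-z_][\w.-]*)\s", text, flags=re.M))

def audit(sshd_text, sudoers_text):
    """List findings where ssh login rights and sudo rights share a group."""
    root_login, patterns = sshd_settings(sshd_text)
    findings = []
    if root_login != "no":
        findings.append("PermitRootLogin is not set to 'no'")
    for group in sorted(sudo_groups(sudoers_text)):
        # AllowGroups entries are patterns, so match with wildcards
        if any(fnmatch.fnmatchcase(group, p) for p in patterns):
            findings.append(f"group '{group}' grants both ssh login and sudo")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SSHD_CONFIG, SUDOERS)))
```

Pointing AllowGroups at a dedicated group that has no sudoers rule (for example a hypothetical "sshusers") clears the finding while keeping the PermitRootLogin setting.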
