On Monday 03 October 2005 02:39 pm, Steve Block wrote:
> On Mon, Oct 03, 2005 at 01:24:27PM -0700, Alvin Oga wrote:
> >On Mon, 3 Oct 2005, Steve Block wrote:
> >> I'm afraid you didn't read at all, did you? Start from the top of the
> >> thread and read again, and you'll see that my question had nothing to do
> >
> >u sure do have a whacky attitude for being the one that is cracked
> >
> >the answer still is no... you are not any more secure
> >for the same identical reasons posted previously that you didn't
> >read/understand to use your own words :-)
>
> Who said anyone was cracked? I'm trying to take a proactive security
> approach here.
>
> Let me clarify. In a default debian/sarge install there are three
> available SSH authentication options:
>
> 1) password
> 2) keyboard-interactive with pam (would allow auth against LDAP or any
>    other authentication method possible with pam)
> 3) public/private keys
>
> According to what I can see from my logs, these automated attempts are
> trying to use the first method to log in. The second method is what the
> standard OpenSSH client uses by default when no keys are being used, and
> the log report for a failed login of this type is different than for the
> automated attempts. I prefer to use the third method myself, but like I
> said I am unwilling to only allow that method.
>
> I edited my ssh config file to disable the first method, leaving only 2)
> and 3) available. With the second method a user can still log in with
> their system password (default pam configuration) but the authentication
> is handled by pam and not the ssh server itself (I think). My users
> obviously haven't noticed, and I still normally use keys. I just want to
> know if it has made it impossible for the automated dictionary attacks
> to log in (the current generation, anyways).
>
> Sorry if I sounded snippy, it's just hard to find any solid info on
> this.
>
> --
> Steve Block
> http://ev-15.com/
> http://steveblock.com/
> [EMAIL PROTECTED]

Steve,

You may want to take a look at the Debian package harden-doc. They have
a section about securing ssh as well as a wealth of information about
securing your system. This is by no means exhaustive, but it will help.

John
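
An added example, not part of the original messages: a small Python check of which sshd_config settings still leave a password-verifying login path, applied to the change described in the quoted message (method 1 disabled, methods 2 and 3 left on). The function names and sample configs are constructed for illustration; it assumes upstream OpenSSH defaults for absent keywords and a Linux host where PAM is the only keyboard-interactive backend.

```python
# Upstream OpenSSH defaults, applied when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes", "usepam": "no"}
# Older keyword for the same switch; newer OpenSSH accepts it as an alias.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed samples. THREAD_CONFIG mirrors the change described in the
# thread: method 1 off, methods 2 and 3 left on (assumes UsePAM is enabled).
THREAD_CONFIG = """\
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
PubkeyAuthentication yes
"""
KEYS_ONLY_CONFIG = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
PubkeyAuthentication yes
"""


def effective_settings(config_text):
    """Return the global value of each tracked keyword; first occurrence wins."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split keyword
        if not parts:
            continue
        key = parts[0].lower()  # sshd_config keywords are case-insensitive
        if key == "match":  # conditional blocks are not global settings
            break
        key = ALIASES.get(key, key)
        if key in DEFAULTS and len(parts) == 2 and key not in seen:
            seen[key] = parts[1].strip().lower()
    return {**DEFAULTS, **seen}


def password_guessing_paths(config_text):
    """List the enabled auth methods that still verify a guessable password."""
    s = effective_settings(config_text)
    paths = []
    if s["passwordauthentication"] == "yes":
        paths.append("password")
    if s["kbdinteractiveauthentication"] == "yes" and s["usepam"] == "yes":
        paths.append("keyboard-interactive (PAM)")
    return paths
```

For `THREAD_CONFIG` the check reports `keyboard-interactive (PAM)`, because with the default PAM configuration that method verifies the same system password; only `KEYS_ONLY_CONFIG` returns an empty list.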