>>This of course won't happen behind a properly configured firewall, correct? >> >>Darren Hart wrote: >> >> >>>I'm sure nobody here is dumb enough to do this, but since I was, >>>thought I'd pass the word. >>> >>>There is an ssh attack going around with a brute force login using >>>2187 different username/password pairs, one such pair happens to be: >>> >>>mythtv:mythtv
If you need to use ssh from outside your firewall, you could do what I've done; get rid of a password-based logon alltogether and use public / private keys. Since I use putty at work, it's what I'm familiar with. In a Windows environment: 1) Download putty, puttygen and pageant from http://www.chiark.greenend.org.uk/~sgtatham/putty/ 2) Run puttygen to generate a public / private keypair. 3) Take the public key portion (it's just text) and paste it into ~/.ssh/authorized_keys 4) Edit /etc/pam.d/ssh and look for the line: # Standard Un*x authentication. @include common-auth Put a "#" infront of @include common-auth so that it's: [EMAIL PROTECTED] common-auth This will restrict ssh from looking at /etc/passwd and /etc/shadow 5) Create a passphrase for the key that you just created. Take the private key that puttygen created for you and save it. You'll need it _every_ time you login from that point on, even internally. If you're using putty, you'll need to provide the filename in connection > ssh > auth when you're setting up your connection profile. 6) If you don't want to keep typing your passphrase every time, load the private key into pageant; you type it in once, and then if you use putty to login, pageant will supply the passphrase automatically. _______________________________________________ mythtv-users mailing list [email protected] http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
