[PLUG] PermitRootLogin no

chris (fool) mccraw gently at gmail.com
Tue Apr 20 21:28:43 UTC 2010


On Tue, Apr 20, 2010 at 14:01, glen e. p. ropella <gepr at tempusdictum.com> wrote:
>
> I'm running sshd on a server and I've set:
>
>   PermitRootLogin no
>
> But I _assumed_ it would stop attempts like the following:
>
> -----------------------
> Apr 19 07:11:49 huntlab sshd[15840]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=204.228.225.88
> user=root
>
> Apr 19 07:11:50 huntlab sshd[15840]: Failed password for root from
> 204.228.225.88 port 50082 ssh2
> -----------------------

It won't let them login even if they guess the right password.

But aside from explicitly firewalling every IP you won't ever want to
connect from completely, you're pretty well stuck in reactionary mode:
wait for the (guaranteed to fail) attempt and then block it.

I use the program 'denyhosts' to kick people off the lawn after 3
failed login attempts.  But it only defends against IPs that knock 3
times.  Still a lot better to read logs with 3 attempts in than 3000.
And it's pretty versatile, so it can work for other services (ftp for
instance) that someone might also try to break into with brute-force
repeated attempts.

> And I've heard babble about PAM settings and such.  So, I'm thinking
> that I just don't have it locked up completely.  I expected the sshd
> server to immediately refuse the connection without having to go through
> the challenge response or password auth.

I don't know of anything like that, but if you find something that
isn't talked about on the list, please let us know!
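The "Failed password" lines in the quoted log are exactly what denyhosts tallies per source address. As an added illustration (not part of this message and not denyhosts' own code), the Python below applies that count-per-IP rule to a constructed log; the sample lines, the documentation-range IPs, and the 3-strikes threshold are assumptions for the example.

```python
import re
from collections import Counter

# Matches the "Failed password" line format shown in the quoted sshd log:
# "<syslog prefix> sshd[PID]: Failed password for [invalid user] USER from IP port N ssh2"
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2"
)

# Constructed sample log (IPs from the RFC 5737 documentation ranges).
# The first two lines copy the shape of the quoted message; the rest are made up.
SAMPLE_LOG = """\
Apr 19 07:11:49 huntlab sshd[15840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5 user=root
Apr 19 07:11:50 huntlab sshd[15840]: Failed password for root from 203.0.113.5 port 50082 ssh2
Apr 19 07:11:53 huntlab sshd[15841]: Failed password for root from 203.0.113.5 port 50090 ssh2
Apr 19 07:11:57 huntlab sshd[15842]: Failed password for invalid user admin from 203.0.113.5 port 50101 ssh2
Apr 19 07:20:01 huntlab sshd[15850]: Failed password for glen from 198.51.100.7 port 40010 ssh2
Apr 19 07:20:30 huntlab sshd[15851]: Accepted publickey for glen from 198.51.100.7 port 40011 ssh2
"""


def failed_attempts(log_text):
    """Count 'Failed password' events per source IP and record the usernames tried.

    pam_unix lines and successful logins do not match FAILED_RE and are skipped,
    so each failed attempt is counted once even though sshd logs it twice.
    """
    per_ip = Counter()
    users = {}
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        per_ip[m["ip"]] += 1
        users.setdefault(m["ip"], set()).add(m["user"])
    return per_ip, users


def hosts_to_deny(log_text, threshold=3):
    """Return the source IPs that reached the threshold (the denyhosts-style rule)."""
    per_ip, _ = failed_attempts(log_text)
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)


if __name__ == "__main__":
    counts, tried = failed_attempts(SAMPLE_LOG)
    for ip in hosts_to_deny(SAMPLE_LOG):
        print(f"deny {ip}: {counts[ip]} failures, users tried: {sorted(tried[ip])}")
```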
