Wednesday, July 20, 2011

Re: [BLUG] How many of you run home servers?

On Wed, Jul 20, 2011 at 03:03:20PM -0400, Jeremy L. Gaddis wrote:
>Jonathan North Washington <jonwashi@indiana.edu> wrote:
>> However, I still want to be able to open up putty from a public
>> machine somewhere and ssh to my server. Is there any way to allow
>> myself to do this short of memorising my public key or carrying it
>> around with me on flash drive or something?
>
>Just change your /etc/ssh/sshd_config to run the daemon on some high
>random port and be sure you have a strong password and you'll be fine.
>
>The automated brute force attacks are looking for the "low hanging
>fruit" -- servers w/ the SSH daemon running on 22/TCP with weak user
>passwords.

I didn't realize that these brute force attempts were so common. Had
to go check and see if I was getting hit with such attempts. Indeed,
I am. About 1500 failed attempts in the last month. As Jeremy says,
they seem to be looking for low-hanging fruit: most of the failed
attempts are to log in as 'root', which is actually not possible on my
system. Many other popular usernames are being tried: "oracle",
"mysql", "www", etc. No one has attempted to log in as a username
that actually has a password or a shell configured. I only have
one account that is open for ssh logins, and no one has even tried
that username. At 1500 attempts per month, it would be a really long
time before they got the password correct even if they knew the
username.

I suppose using a non-standard port would keep your log files
cleaner, but I don't know that it really makes you any more secure.
However, realizing that these brute force attempts are so common, I
would definitely make sure that root cannot ssh in, and use a
non-obvious username and a strong password for any accounts that can
ssh in. Then, it seems like you should be fine.

David
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug
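
The log check described in the message above, as an added example that is not part of the original e-mail: it tallies failed sshd password logins by username and source address and separates guesses at nonexistent users from guesses at accounts that can actually log in. The log lines are constructed in OpenSSH's auth-log format, and the account name `examplelogin` and the `summarize` helper are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the format OpenSSH's sshd writes to the auth log.
SAMPLE_LOG = """\
Jul 20 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jul 20 03:12:04 host sshd[2103]: Failed password for root from 203.0.113.5 port 40150 ssh2
Jul 20 03:12:09 host sshd[2105]: Invalid user oracle from 203.0.113.5
Jul 20 03:12:09 host sshd[2105]: Failed password for invalid user oracle from 203.0.113.5 port 40188 ssh2
Jul 20 04:40:17 host sshd[2290]: Failed password for invalid user mysql from 198.51.100.23 port 51022 ssh2
Jul 20 04:40:21 host sshd[2292]: Failed password for invalid user www from 198.51.100.23 port 51060 ssh2
Jul 20 09:15:42 host sshd[2511]: Accepted password for examplelogin from 192.0.2.10 port 60001 ssh2
Jul 20 11:02:33 host sshd[2604]: Failed password for examplelogin from 192.0.2.10 port 60044 ssh2
"""

# Anchored at end of line and greedy on the username, so a username that
# contains spaces or the word "from" cannot shift the address field.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.+) from (?P<ip>\S+) port \d+ ssh2\s*$"
)

def summarize(log_text, ssh_accounts):
    """Tally failed password logins by username and source address."""
    by_user, by_ip, on_real = Counter(), Counter(), Counter()
    nonexistent = 0
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m is None:
            continue  # "Invalid user ..." and "Accepted ..." lines are skipped
        by_user[m["user"]] += 1
        by_ip[m["ip"]] += 1
        nonexistent += m["invalid"] is not None  # sshd says no such account
        if m["user"] in ssh_accounts:
            on_real[m["user"]] += 1  # guesses at an account that can log in
    return {"total": sum(by_user.values()), "by_user": by_user, "by_ip": by_ip,
            "nonexistent": nonexistent, "on_ssh_accounts": on_real}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, ssh_accounts={"examplelogin"})
    print("failed attempts:", report["total"])
    for user, n in report["by_user"].most_common():
        print(f"  {n:4d}  {user}")
    print("against accounts that can ssh in:", dict(report["on_ssh_accounts"]))
```

A non-empty `on_ssh_accounts` tally is the figure to watch, since those are the only guesses that could ever succeed.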
