ssh attack




> I have 2 questions. One, is there anything you can do to stop these
> attempts, other than not running ssh?

I use a pam_listfile entry in /etc/pam.d/sshd that reads a file (mine is called
/etc/sshusers).  If the user requested to log in is not in the file, the
authentication attempt is rejected.  So, if I had a user named "bob" and
someone managed to sniff "bob"'s password during a cleartext protocol
authentication session, the user would not be able to log in to the ssh server
if "bob" wasn't listed in the file.  You can do the same with groups.  The main
advantage of using this method over the AllowUsers method is that this file can
be updated, and sshd does not have to be restarted to re-read the file.  You
also might look into the pam_access module.  I've used that on occasion as
well.

Hope this helps.

Barry
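
One way to audit the pam_listfile setup described in the message above, as an added example that is not part of the original post. The `item=user sense=allow onerr=fail` options in the comment are an assumption about how such an entry is written, and the function names and return codes are illustrative.

```shell
#!/bin/sh
# Added example: audit a pam_listfile user allow-list for sshd.
# Assumed (constructed) setup, using the file names from the message above:
#   /etc/pam.d/sshd: auth required pam_listfile.so item=user sense=allow file=/etc/sshusers onerr=fail
#   /etc/sshusers:   one login name per line
# Returns 0 = user listed, 1 = user not listed, 2 = entry or list file misconfigured.

# Value of a key=value option on a PAM line ($1 = line, $2 = key).
pam_opt() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}

check_ssh_allowlist() {
    pam_file=$1
    user=$2
    # First active (non-comment) auth line that calls pam_listfile.so.
    entry=$(grep -E '^[[:space:]]*auth[[:space:]].*pam_listfile\.so' "$pam_file" | head -n 1)
    if [ -z "$entry" ]; then
        echo "no pam_listfile auth entry in $pam_file"; return 2
    fi
    list=$(pam_opt "$entry" file)
    if [ "$(pam_opt "$entry" item)" != user ] || [ "$(pam_opt "$entry" sense)" != allow ]; then
        echo "entry is not a user allow-list: $entry"; return 2
    fi
    # onerr=fail: an unreadable or missing list denies logins instead of allowing them.
    if [ "$(pam_opt "$entry" onerr)" != fail ]; then
        echo "onerr=fail is not set"; return 2
    fi
    # pam_listfile rejects a list that is not a regular file or is world-writable.
    if [ ! -f "$list" ] || [ -L "$list" ]; then
        echo "$list is missing or not a regular file"; return 2
    fi
    if [ -n "$(find "$list" -perm -0002)" ]; then
        echo "$list is world-writable"; return 2
    fi
    # Whole-line, fixed-string match: "bob" must not match "bobby".
    if [ -n "$user" ] && grep -qxF -- "$user" "$list"; then
        echo "$user is listed in $list"; return 0
    fi
    echo "$user is not listed in $list"; return 1
}

# Run as: sh check.sh /etc/pam.d/sshd bob
if [ "$#" -eq 2 ]; then
    check_ssh_allowlist "$1" "$2"
fi
```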
