Re: is this an intruder?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Marty Landman wrote:

Not sure if I'm reading this right as this is new to me but it appears someone in Denmark spent about 10 minutes trying a variety of userid's to start an ssh session on my network gateway.

Yep!  If you do not need ssh, your best defense is to disable it.

Otherwise.

Turn off root login and designate a group for oter ssh logins. At home I just use "wheel."

in /etc/ssh/sshd_config

PermitRootLogin  no
AllowGroups      wheel

Restart sshd

Put you and anyone else who must have ssh access in the group wheel. Make sure they have good passwords.

Other possible changes are to only allow ssh protocol 2 and to change the external port. Check 'Protocol", "Port" and ListenAddress" in man sshd_config.

--
Stephen Carville <stephen@xxxxxxxxxxxxxx>
Unix and Network Admin
Nationwide Totalflood
6033 W. Century Blvd
Los Angeles, CA 90045
310-342-3602

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux