I would be careful of using the wheel group to allow ssh logins, as admins typically use this group in the sudoers file to grant root access for non-root users; granting the wheel group ssh logins as well as root access is essentially allowing root access over ssh anyway, although an outside attacker would at least have to guess the non-root user's id and password.

-----Original Message-----
From: Stephen Carville [mailto:stephen@xxxxxxxxxxxxxx]
Sent: Saturday, January 07, 2006 9:40 AM
To: General Red Hat Linux discussion list
Subject: Re: is this an intruder?

Marty Landman wrote:
> Not sure if I'm reading this right as this is new to me but it appears
> someone in Denmark spent about 10 minutes trying a variety of userid's
> to start an ssh session on my network gateway.

Yep!

If you do not need ssh, your best defense is to disable it. Otherwise, turn off root login and designate a group for other ssh logins. At home I just use "wheel."

in /etc/ssh/sshd_config

    PermitRootLogin no
    AllowGroups wheel

Restart sshd

Put yourself and anyone else who must have ssh access in the group wheel. Make sure they have good passwords.

Other possible changes are to only allow ssh protocol 2 and to change the external port. Check "Protocol", "Port" and "ListenAddress" in man sshd_config.

--
Stephen Carville <stephen@xxxxxxxxxxxxxx>
Unix and Network Admin
Nationwide Totalflood
6033 W. Century Blvd
Los Angeles, CA 90045
310-342-3602

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
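Added example (not part of the original thread): a small Python audit of the overlap the first reply warns about, listing groups that are both named in sshd's AllowGroups and granted the command list ALL in sudoers. The sample file contents, the group names sshusers and backup, and the function names are assumptions constructed for illustration; sudoers aliases and includes are not handled, and only the global section of sshd_config (before any Match block) is read.

```python
import re

# Constructed sample files for illustration; not taken from any real host.
SSHD_CONFIG = """\
Protocol 2
PermitRootLogin no
AllowGroups wheel sshusers
"""
SUDOERS = """\
root     ALL=(ALL) ALL
%wheel   ALL=(ALL) ALL
%backup  ALL=(root) NOPASSWD: /usr/bin/rsync
"""

def sshd_global(text):
    """Parse global sshd_config keywords (case-insensitive) into {key: [args]}."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = re.split(r"[\s=]+", line)
        if key.lower() == "match":      # per-connection overrides start here
            break
        conf.setdefault(key.lower(), []).extend(args)
    return conf

def sudo_all_groups(text):
    """Return the %groups whose sudoers rule allows the command list ALL."""
    groups = set()
    for raw in text.splitlines():
        m = re.match(r"\s*%([\w.-]+)\s+\S+\s*=\s*(.*)", raw)
        if not m:
            continue
        # Drop the (runas) spec and tags such as NOPASSWD: before reading commands.
        cmds = re.sub(r"\([^)]*\)|\b[A-Z_]+:", " ", m.group(2))
        if "ALL" in [c.strip() for c in cmds.split(",")]:
            groups.add(m.group(1))
    return groups

def audit(sshd_text, sudoers_text):
    """Split the AllowGroups list into groups with and without full sudo."""
    conf = sshd_global(sshd_text)
    ssh_groups = conf.get("allowgroups", [])
    sudo_groups = sudo_all_groups(sudoers_text)
    return {
        "root_login": conf.get("permitrootlogin", ["unset"])[0],
        "ssh_and_sudo": [g for g in ssh_groups if g in sudo_groups],
        "ssh_only": [g for g in ssh_groups if g not in sudo_groups],
    }
```

Any group reported under ssh_and_sudo is one whose members can log in over ssh and then become root with their own password, which is the case the first reply describes.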