What about protocol 2 RSA PubkeyAuthentication? Doesn't this provide enough protection so that the selection of users and groups is not important? Mike. -- Michael D. Berger m.d.berger@xxxxxxxx > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Bliss, Aaron > Sent: Saturday, January 07, 2006 2:25 PM > To: 'Stephen Carville'; General Red Hat Linux discussion list > Subject: RE: is this an intruder? > > > I would be careful of using the wheel group to allow ssh > logins, as admins > typically use this group in sudoers file to grant root access > for non-root > users; granting the wheel group ssh logins as well as root access is > essentially allowing root access over ssh anyway; although an outside > attacker would at least have to guess the non-root user's id > and password. > > -----Original Message----- > From: Stephen Carville [mailto:stephen@xxxxxxxxxxxxxx] > Sent: Saturday, January 07, 2006 9:40 AM > To: General Red Hat Linux discussion list > Subject: Re: is this an intruder? > > Marty Landman wrote: > > > Not sure if I'm reading this right as this is new to me but > it appears > > someone in Denmark spent about 10 minutes trying a variety > of userid's > > to start an ssh session on my network gateway. > > Yep! If you do not need ssh, your best defense is to disable it. > > Otherwise. > > Turn off root login and designate a group for oter ssh > logins. At home > I just use "wheel." > > in /etc/ssh/sshd_config > > PermitRootLogin no > AllowGroups wheel > > Restart sshd > > Put you and anyone else who must have ssh access in the group wheel. > Make sure they have good passwords. > > Other possible changes are to only allow ssh protocol 2 and to change > the external port. Check 'Protocol", "Port" and > ListenAddress" in man > sshd_config. > > -- > Stephen Carville <stephen@xxxxxxxxxxxxxx> > Unix and Network Admin > Nationwide Totalflood > 6033 W. Century Blvd > Los Angeles, CA 90045 > 310-342-3602 > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > > www.preferredcare.org > "An Outstanding Member Experience," Preferred Care HMO Plans > -- J. D. Power and Associates > > Confidentiality Notice: > The information contained in this electronic message is > intended for the exclusive use of the individual or entity > named above and may contain privileged or confidential > information. If the reader of this message is not the > intended recipient or the employee or agent responsible to > deliver it to the intended recipient, you are hereby notified > that dissemination, distribution or copying of this > information is prohibited. If you have received this > communication in error, please notify the sender immediately > by telephone and destroy the copies you received. > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
