Re: is this an intruder?

On Sun, 8 Jan 2006 05:55 am, Bliss, Aaron wrote:
> I would be careful of using the wheel group to allow ssh
> logins, as admins typically use this group in sudoers file to
> grant root access for non-root users; granting the wheel group
> ssh logins as well as root access is essentially allowing root
> access over ssh anyway; although an outside attacker would at
> least have to guess the non-root user's id and password.
>
> -----Original Message-----
> From: Stephen Carville [mailto:stephen@xxxxxxxxxxxxxx]
> Sent: Saturday, January 07, 2006 9:40 AM
> To: General Red Hat Linux discussion list
> Subject: Re: is this an intruder?
>
> Marty Landman wrote:
> > Not sure if I'm reading this right as this is new to me but
> > it appears someone in Denmark spent about 10 minutes trying
> > a variety of userids to start an ssh session on my network
> > gateway.
>
> Yep!  If you do not need ssh, your best defense is to disable
> it.
>
> Otherwise.
>
> Turn off root login and designate a group for other ssh logins.
>  At home I just use "wheel."
>

This sounds dangerous -- wheel is normally an alternative to the
root group introduced for compatibility with some forms of BSD 
where it is the base privileged group.

Malcolm Kay

> in /etc/ssh/sshd_config
>
> PermitRootLogin  no
> AllowGroups      wheel
>
> Restart sshd
>
> Put you and anyone else who must have ssh access in the group
> wheel. Make sure they have good passwords.
>
> Other possible changes are to only allow ssh protocol 2 and to
> change the external port.  Check "Protocol", "Port" and
> "ListenAddress" in man sshd_config.
>
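
A check for the concern raised in this thread, as an added example that is not part of any poster's message: it lists groups that are both permitted by AllowGroups in sshd_config and granted sudo rights by a %group rule in sudoers. The sample file contents, the function names and the group name "sshusers" are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All file contents below are constructed samples.

# Print groups that appear on an AllowGroups line of the sshd_config ($1)
# and also have a %group rule in the sudoers file ($2). Keywords are case-insensitive.
ssh_sudo_overlap() {
    awk '
        mode == "ssh" && tolower($1) == "allowgroups" {
            for (i = 2; i <= NF; i++) ssh[$i] = 1
        }
        mode == "sudo" && $1 ~ /^%/ {
            g = $1; sub(/^%/, "", g)
            if (g in ssh) print g
        }
    ' mode=ssh "$1" mode=sudo "$2" | sort -u
}

# Print the first PermitRootLogin value in the file, or "unset" if the keyword is absent.
permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { v = $2; exit } END { print (v == "" ? "unset" : v) }' "$1"
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT

cat > "$demo/sudoers" <<'EOF'
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
EOF

# The two settings as posted in the thread.
cat > "$demo/sshd_wheel" <<'EOF'
PermitRootLogin  no
AllowGroups      wheel
EOF

# Variant with a dedicated login group ("sshusers" is a hypothetical name).
cat > "$demo/sshd_dedicated" <<'EOF'
PermitRootLogin  no
AllowGroups      sshusers
EOF

for f in sshd_wheel sshd_dedicated; do
    hits=$(ssh_sudo_overlap "$demo/$f" "$demo/sudoers")
    echo "$f: PermitRootLogin=$(permit_root_login "$demo/$f") ssh+sudo groups: ${hits:-none}"
done
```

The check works at group level only; a user who belongs to both the login group and a sudo-enabled group still combines the two rights.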
