illegal user root user failed login attempts
Emanuel Strobl
Emanuel.strobl at gmx.net
Wed May 18 14:11:31 PDT 2005
Am Mittwoch, 18. Mai 2005 22:56 schrieb Kirk Strauser:
> On Tuesday 17 May 2005 09:36, Peter Kropholler wrote:
> > As things stand, ssh is designed so you can't get at people's
> > passwords and I am leaving it alone. Focussing instead on the task of
> > making sure my passwords are strong, limiting AllowUsers to specific
> > users and trusted ip addresses, and moving ssh off port 22.
>
> Alternatively, scrap all that and force RSA authentication after
> disabling password login. I could give you my root password (and even
> my personal password) and there isn't jack you can do with it because no
> services authenticate off it; it's only useful for logging in locally.
IMHO that's the only way to cope with these crappy hacked boxes.
Additionally that was the original idea of SSH as far as I know.
Maybe time to think about disabling ChallangeResponseAtuh
in /etc/ssh/sshd_conf by default in FreeBSD?
-Harry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050518/a9c5e7ef/attachment.bin
More information about the freebsd-questions
mailing list