D&C GLug - Home Page


Re: [LUG] Securing SSH

 

I have an idea....

I don't know if it's been done already, but it would be cool if you could have some sort of fake SSH login that would log you into a fake computer system if you get the wrong password. You could then have a secret command (specified in a configuration file) that you could use to verify that you have actually logged in correctly.

This would completely ruin these sorts of cracking attempts, as the malware used will have no way of knowing if it was a genuine success, i.e. it will always seem like a success.

You could then log all the commands etc. used and build a profile of the cracker: what commands they use, what files they try to upload, etc.

It must have been done already??

Any thoughts?

Cheers

Jody


--- Philip Radford <phil@xxxxxxxxxx> wrote:

> ----- Original Message -----
> From: "John Horne" <john.horne@xxxxxxxxxxxxxx>
> To: <list@xxxxxxxxxxxxx>
> Sent: Monday, October 03, 2005 12:41 PM
> Subject: Re: [LUG] Securing SSH
>
> > On Mon, 2005-10-03 at 11:11 +0100, Philip Radford wrote:
> >> Hi all,
> >>
> >> I was wondering if anyone has had any experience with configuring and securing the SSH daemon from unauthorised access. I have recently discovered that my server was being targeted by a dictionary attack via SSH on port 22, which got me thinking about ways to restrict by IP address, or even not to use remote SSH login via the root login at all and access the server via alternative means.
> >>
> > I tend to restrict SSH using the TCP wrapper (/etc/hosts.allow file). I'm running Fedora Core 4, so your distro may/may not have built it with TCP wrappers enabled. I have never enabled root login (ssh or not).
> >
> > John.
>
> Thanks for that John,
>
> That sounds interesting. Could you point me in the right direction for achieving this? We are using Red Hat 9, which is dated by today's standards, but we are looking at RHEL in the near future.
>
> Wouldn't /etc/hosts.allow block access to all daemons coming in via eth0 and not just SSH? Unless that is what this wrapper is intended to achieve.
>
> Thanks for your advice.
>
> Regards
> Philip Radford.
>
> --
> The Mailing List for the Devon & Cornwall LUG
> Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html
>
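The quoted exchange raises two practical points: whether a rule in /etc/hosts.allow shuts out every wrapped daemon or only sshd, and how the dictionary attack Philip found actually shows up in the logs. The Python below is an added example, not code from anyone on the list. It models how tcpd/libwrap walks hosts.allow and then hosts.deny (simplified to the ALL keyword, single IPv4 addresses and net/mask client patterns; hostnames and EXCEPT clauses are not handled), and counts "Failed password" lines per source address. The rule files, log lines and addresses are constructed for the example.

```python
"""Added example for the SSH-hardening thread; not code from anyone on the list.

Two defender-side helpers:
  * wrapper_allows(): a simplified model of how TCP wrappers (tcpd/libwrap)
    evaluate /etc/hosts.allow and then /etc/hosts.deny.  A rule that names
    "sshd" governs sshd only; daemons the rules never mention are untouched.
  * failed_logins_by_ip(): counts "Failed password" lines per source address,
    the signal that exposed the dictionary attack described in the thread.
Rule files, log lines and addresses below are constructed for the example.
"""
import ipaddress
import re
from collections import Counter

# Constructed rule bodies in hosts.allow / hosts.deny syntax.  Wrappers try
# hosts.allow first, then hosts.deny, and let the connection through if no
# rule in either file matches.
HOSTS_ALLOW = """
# SSH only from the office LAN and one management host (example addresses)
sshd : 192.168.1.0/255.255.255.0 203.0.113.7
"""
HOSTS_DENY = """
sshd : ALL
"""


def _parse_rules(text):
    """Yield (daemon_list, client_list) for each rule line, skipping comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # a daemon list with no client list is not a usable rule
        yield fields[0].split(), fields[1].split()


def _client_matches(pattern, client_ip):
    """One client pattern: ALL, a single IPv4 address, or net/mask."""
    if pattern == "ALL":
        return True
    addr = ipaddress.ip_address(client_ip)
    if "/" in pattern:
        # ip_network understands the dotted-mask form used in hosts.allow
        return addr in ipaddress.ip_network(pattern, strict=False)
    return addr == ipaddress.ip_address(pattern)


def _rule_matches(rule, daemon, client_ip):
    daemons, clients = rule
    if "ALL" not in daemons and daemon not in daemons:
        return False
    return any(_client_matches(p, client_ip) for p in clients)


def wrapper_allows(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Return True if tcpd would accept client_ip connecting to daemon."""
    if any(_rule_matches(r, daemon, client_ip) for r in _parse_rules(allow)):
        return True
    if any(_rule_matches(r, daemon, client_ip) for r in _parse_rules(deny)):
        return False
    return True  # nothing matched: TCP wrappers default to allow


# Constructed sshd syslog lines in the format of the era.
SAMPLE_AUTH_LOG = """\
Oct  3 11:02:13 server sshd[4311]: Failed password for root from 198.51.100.23 port 40212 ssh2
Oct  3 11:02:15 server sshd[4313]: Failed password for invalid user admin from 198.51.100.23 port 40220 ssh2
Oct  3 11:02:17 server sshd[4315]: Failed password for invalid user test from 198.51.100.23 port 40231 ssh2
Oct  3 11:05:40 server sshd[4390]: Accepted publickey for phil from 192.168.1.20 port 51002 ssh2
Oct  3 11:06:02 server sshd[4402]: Failed password for phil from 192.168.1.20 port 51010 ssh2
"""

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)


def failed_logins_by_ip(log_text, threshold=3):
    """Return {ip: failures} for addresses with at least `threshold` failed passwords."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            counts[match.group(2)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for daemon, client in [("sshd", "192.168.1.20"), ("sshd", "198.51.100.23"),
                           ("vsftpd", "198.51.100.23")]:
        verdict = "allow" if wrapper_allows(daemon, client) else "deny"
        print(f"{daemon:7s} from {client:15s}: {verdict}")
    print("suspected dictionary attack sources:", failed_logins_by_ip(SAMPLE_AUTH_LOG))
```

With the constructed rules, sshd is reachable from the LAN and the management host and denied from everywhere else, while a daemon the rules never name (vsftpd in the sample run) is unaffected, which is the answer to Philip's question: each hosts.allow line governs only the daemons it lists. The single failed attempt from the LAN user stays below the threshold, so only the address hammering root and guessed usernames is reported. John's second point, never allowing root over SSH, is a separate setting (PermitRootLogin no in sshd_config) and stacks on top of the address restriction.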




--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html