I have an idea.... I don't know if it's been done already - but it would
be cool if you could have some sort of fake ssh login that would log you
in a fake computer system if you get the wrong password, you could then
have a secret command (specified in a configuration file) that you could
use to verify that you have actually logged in correctly.

This would completely ruin these sorts of cracking attempts, as the malware
used will have no way of knowing if it was a genuine success i.e. it will
always seem like a success.

You could then log all the commands etc used, and build a profile of the
cracker - what commands they use and what files they try to upload etc...

It must have been done already?? Any thoughts?

Cheers
Jody

--- Philip Radford <phil@xxxxxxxxxx> wrote:

> ----- Original Message -----
> From: "John Horne" <john.horne@xxxxxxxxxxxxxx>
> To: <list@xxxxxxxxxxxxx>
> Sent: Monday, October 03, 2005 12:41 PM
> Subject: Re: [LUG] Securing SSH
>
>
> > On Mon, 2005-10-03 at 11:11 +0100, Philip Radford wrote:
> >> Hi all,
> >>
> >> I was wondering if anyone has had any experience with configuring and
> >> securing the SSH daemon from unauthorised access. I have recently
> >> discovered that my server was being targeted by a dictionary attack
> >> via SSH on Port 22 and therefore got me thinking about ways to
> >> restrict by IP address or even not to use remote SSH login via the
> >> root login at all and access the server via alternative means.
> >>
> > I tend to restrict SSH using the TCP wrapper (/etc/hosts.allow file).
> > I'm running Fedora Core 4, so your distro may/may not have built it with
> > TCP wrappers enabled. I have never enabled root login (ssh or not).
> >
> >
> > John.
>
> Thanks for that John,
>
> That sounds interesting. Could you point me in the right direction for
> achieving this. We are using Red Hat 9 which is dated by today's standards
> but we are looking at RHEL in the near future.
>
> Wouldn't /(/etc/hosts.allow) block access to all daemons coming in via eth0
> and not just SSH. Unless that is what this wrapper is intended to achieve.
>
> Thanks for your advice.
>
> Regards
> Philip Radford.
>
>
>
> --
> The Mailing List for the Devon & Cornwall LUG
> Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the
> message body to unsubscribe. FAQ:
> www.dcglug.org.uk/linux_adm/list-faq.html
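
[Added example, not part of the original thread and not code from any poster.] On the quoted question of whether /etc/hosts.allow affects every daemon or just SSH: TCP wrappers rules are keyed by daemon name, which this simplified Python model of the hosts_access(5) decision order shows. The rule text, the daemon names sshd and vsftpd, and all addresses are constructed sample values; only exact IPs, "a.b.c." prefixes and ALL are modelled.

```python
# Simplified model of how TCP wrappers (hosts_access(5)) reaches a verdict.
# Handles only daemon names, ALL, exact IPs and "a.b.c." prefixes.
# Rule text, daemon names and addresses are constructed sample values.

HOSTS_ALLOW = """
# SSH only from the office LAN and one admin host
sshd: 192.168.1. 10.0.0.5
"""

HOSTS_DENY = """
# every other SSH client is refused; no other daemon is named
sshd: ALL
"""

def parse(text):
    """Return [(daemon_patterns, client_patterns), ...] from rule text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # ignore optional 3rd field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def matches(patterns, value, prefix_ok=False):
    """True if value matches ALL, an exact pattern, or (clients) a prefix."""
    for p in patterns:
        if p == "ALL" or p == value:
            return True
        if prefix_ok and p.endswith(".") and value.startswith(p):
            return True
    return False

def rule_hit(rules, daemon, client_ip):
    return any(matches(d, daemon) and matches(c, client_ip, prefix_ok=True)
               for d, c in rules)

def access(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    if rule_hit(parse(allow), daemon, client_ip):
        return "allow"
    if rule_hit(parse(deny), daemon, client_ip):
        return "deny"
    return "allow"
```

With these sample rules only sshd is restricted; a deny rule of "ALL: ALL" is what would extend the block to every wrapped daemon. As noted in the quoted reply, none of this applies to a service that was not built with TCP wrappers support.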