Re: [LUG] Securing SSH

Theo Zourzouvillys <theo@xxxxxxxxxxxxxxxx> wrote:

On Monday 03 October 2005 14:41, William Fidell wrote:

Joining in 5 days late as per normal. (yes, i am still alive!)

> But in common with other repliers I would not allow root login via ssh.
> Or, in fact, allow root to log in using any method.

I've had this dicussion time and time again [1], but there is ABSOLUTLY
NOTHING wrong with allowing root login with without-password.

in fact, allowing root login with an ssh key is more secure than ssh'ing in as
a normal user and su'ing to root [2] (when one of either the account or su
request password).

I can't be arsed to check what started this post - but - i fail to understand
the whole concept of honeypots other than for analysis by people with clue.

I'm blamed for starting this whole thing! Athough it might have expanded into other realms somewhat.

I'm not that familiar with the actual low level SSH protocol, but basically I thought it might be good idea to always return a success when trying to login. Think about it - an automated program will probably keep going though a dictionary of some sort until it gets a success then stop, or try and find other account passwords - the end result; either they get a massive list of successes (probabley millions) or they get a small number of success which is most likley to be false.

The part that started honeypot thing that when you get a false success you enter a fake shell and you have to type a secret command to check you got your password right i.e. your logged in a real shell, not a fake.