[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 25/11/13 14:19, Matt Lee wrote: > Is there any reason to allow root SSH access at all? > > Keys only, users only, block failed IPs -- maybe consider changing the > SSH port even? > No, never ever ever ever allow root logins. That's basically rule number 0, very poor show. Whilst I agree that changing the default SSH port is useless, only allow key based logins for a couple of restricted users. Use visudo to lock down your elevation privileges so only certain users can initiate system tasks. Alternatively, remove sudo completely and manually elevate to root with "su -". I'd be interested to know the general server configuration... I'm presuming it wasn't very hardened. No GRSEC/PAX/SELinux I'm guessing, and probably not even piping syslogs to a locked down separate server? But I'd be taking the server offline ASAP, and rebuilding from my image and backups. Regards -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq