[SunHELP] SSH Server Operations

Sheldon T. Hall shel at cmhcsys.com
Thu Aug 19 09:38:22 CDT 2004


Vermette, Matt Spawar (723) writes ...

> I have also secured my SSH Server daemon by allowing MaxConnections 2.

That's you plus only one cracker, right?

I think what you want to do is have a reasonable number of connections, but
limit access through the "AllowUsers" setting in SSHD's configuration file.
You also want to make sure you have the very latest SSH code.  If the SSH
port is exposed to the Internet, you might also consider access control at
the packet level, using something like ipfilter.

At the moment, there is an automated SSH exploit making the zombie rounds;
my SSH port has been probed from IP addresses all over the world.  The
exploit seems aimed at an older version of RedHat Linux, one that defaulted
to no passwords on a couple of accounts (test and guest), but some of the
attempts on my machine have tried other accounts (root, admin) as well.> I
could do a "ctrl break" at the console to access the "ok" 

-Shel



More information about the SunHELP mailing list