[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSH attacks

Subject: Re: SSH attacks
From: Ken Garland <email@hidden>
Date: Tue, 29 Nov 2005 12:08:13 -0500
Delivered-to: email@hidden
Delivered-to: email@hidden
User-agent: Mozilla Thunderbird 1.0.7 (Macintosh/20050923)

your using ipfw (default bsd firewall utility). since you only have two users and they are sshing from the internet i would suggest stopping all inbound traffic on the ssh port as default then allow only the ip addresses which the users are coming from. if they are traveling or want to connect from many places then instead make it so your ssh only authenticates with keys instead of user/password logins. this way any attempt at a standard login will be ignored and your users will need to establish keys with the server in order to connect. this also makes it easier to connect as you will no longer need to enter a password. this method is more secure than the standard login/password method.

simply changing the port may stop random attacks from people, but any decent scanner will quickly catch which port you are running your ssh server on, and then the attacks begin all over.

Philip Ershler wrote:

Hi, One option is to change the port that ssh uses. This can be done by editing /etc/ssh_config. You can change it from 22 to something like 3022. Be sure to account for the port change in you firewall. That should drastically cut down on bandwidth waste.
HTH,
Phil
On Nov 29, 2005, at 5:48 AM, Bruno Schaeffer wrote:
Hi,
I am running a Mac OS X Tiger Server and I am increasingly observing attacks trying to log in via SSH and guessing user ids and passwords. The server is only accessible via SSH from the Internet and only two user ids whose passwords are well chosen can log in via SSH. Nevertheless, I would like to limit those attacks since they also consume quite some resources, esp. bandwidth. What are you practicing or suggesting? I am using the firewall which is included with Mac OS X.
Best regards
--Bruno
P.S.: Is there any literature/links on how to improve the security of a Mac OS X Server?

_______________________________________________ Do not post admin requests to the list. They will be ignored. Macos-x-server mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/macos-x-server/ershler% 40cvrti.utah.edu
This email sent to email@hidden
_______________________________________________ Do not post admin requests to the list. They will be ignored. Macos-x-server mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden

References:
	>SSH attacks (From: Bruno Schaeffer <email@hidden>)
	>Re: SSH attacks (From: Philip Ershler <email@hidden>)

Prev by Date: Re: SSH attacks
Next by Date: Re: SSH attacks
Previous by thread: Re: SSH attacks
Next by thread: Re: SSH attacks
Index(es):
- Date
- Thread

Home