[TriLUG] SSH Probing...

lfwelty lfwelty at redback.com
Wed Mar 13 12:05:57 EST 2002


Using RSA only will also help.
/etc/ssh/sshd_config:
RhostsAuthentication no
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no

And disallowing root logins should help:
PermitRootLogin no

- Note: You can still ssh in as a user and su to root.

It's a little more work managing keys.
I feel it's more secure.

F.

Jon Carnes wrote:
> 
> Your rules look good - though I prefer to use ":input DENY" as my default,
> your 6th line down essentially does that... but only for tcp.
> 
> Jon
> ----- Original Message -----
> From: "Greg Brown" <gregbrown at mindspring.com>
> To: <trilug at trilug.org>
> Sent: Wednesday, March 13, 2002 9:10 AM
> Subject: Re: [TriLUG] SSH Probing...
> 
> > I'm still in learning mode when it comes to Linux and security but this talk
> > of ssh attacks has alarmed me somewhat.  Would the following ipchains
> > configuration be considered "secure" in most cases (eth1 connects to the
> > cable modem and eth0 is the "inside" network interface)?
> >
> > :input ACCEPT
> > :forward ACCEPT
> > :output ACCEPT
> > -A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j MASQ
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 22:22 -p 6 -j ACCEPT
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 80:80 -p 6 -j ACCEPT
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 21:21 -p 6 -j ACCEPT
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -p 6 -j DENY -y
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 25:25 -i eth0 -p 6 -j ACCEPT
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 465:465 -i eth0 -p 6 -j ACCEPT
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j DENY -y
> >
> 

-- 
------------------------------------------------------------------
Frank Welty                |  15401 Weston Parkway, Suite 150
lfwelty at redback.com        |  Cary, NC 27511
Redback Networks           |  desk:919.678.2175 m: 919.264.7495
------------------------------------------------------------------
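
An added example, not part of the original message: a small checker that compares an sshd_config against the five settings listed above, applying sshd's rule that the first value read for a keyword is the one used. Flagging overrides inside Match blocks goes beyond what the message covers, and the sample configuration is constructed.

```python
import re

# Directives and values as listed in the message (keywords are case-insensitive).
WANTED = {"rhostsauthentication": "no", "rsaauthentication": "yes",
          "passwordauthentication": "no", "permitemptypasswords": "no",
          "permitrootlogin": "no"}

def parse(text):
    """Yield (keyword, first_argument, in_match_block) for each directive."""
    in_match = False
    for raw in text.splitlines():
        # Keyword and argument are separated by whitespace or a single '='.
        m = re.match(r"([^\s#=]+)(?:\s*=\s*|\s+)(\S+)", raw.strip())
        if not m:
            continue  # blank line, comment, or keyword without an argument
        if m.group(1).lower() == "match":
            in_match = True  # later lines apply only to matching connections
        else:
            yield m.group(1).lower(), m.group(2), in_match

def audit(text):
    """Return findings as (keyword, status, value) tuples."""
    effective, findings = {}, []
    for key, value, in_match in parse(text):
        if key in WANTED and not in_match:
            effective.setdefault(key, value)  # sshd uses the first value it reads
        elif key in WANTED and value != WANTED[key]:
            findings.append((key, "match-override", value))
    for key, want in WANTED.items():
        got = effective.get(key)
        if got is None:
            findings.append((key, "unset", None))  # falls back to sshd's default
        elif got != want:
            findings.append((key, "mismatch", got))
    return findings

SAMPLE = """\
# constructed sshd_config fragment, not a configuration from the thread
RhostsAuthentication no
PasswordAuthentication no
passwordauthentication yes
PermitRootLogin=yes
PermitEmptyPasswords no
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The second `passwordauthentication yes` line in the sample is not reported because the earlier `no` already took effect; the one inside the Match block is reported because it changes the setting for that user.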


