http://michaeldundas.com/2009/12/17/a-simple-and-common-network-attack/ Precision, Integrity, Communication Fri, 30 Mar 2012 09:51:26 +0000 hourly 1 http://wordpress.org/?v=3.3.2 http://michaeldundas.com/2009/12/17/a-simple-and-common-network-attack/comment-page-1/#comment-4736 Clear2Go Mon, 21 Dec 2009 11:00:00 +0000 http://michaeldundas.com/?p=1225#comment-4736 <a href="#comment-4732" rel="nofollow">@Dan Siemon </a> Both are good suggestions. I have never seen an install process ask the installation for a default list of users permitted to SSH and then create an appropriate config. I wonder if there are any? If not, might be a good thing for developers to add. @Dan Siemon
Both are good suggestions. I have never seen an install process ask the installation for a default list of users permitted to SSH and then create an appropriate config. I wonder if there are any? If not, might be a good thing for developers to add.

]]> http://michaeldundas.com/2009/12/17/a-simple-and-common-network-attack/comment-page-1/#comment-4732 Dan Siemon Mon, 21 Dec 2009 04:10:04 +0000 http://michaeldundas.com/?p=1225#comment-4732 I have several computers with SSH open to the world so I can always reach them. The first thing I do after installation is to disable all authentication mechanisms other than public key (ie no passwords). This means I can only login from other devices with the appropriate keys but it makes dictionary attacks useless. I also add an AllowUsers statement. This limits remote access to a very small subset of the user accounts on the system. I have several computers with SSH open to the world so I can always reach them. The first thing I do after installation is to disable all authentication mechanisms other than public key (ie no passwords). This means I can only login from other devices with the appropriate keys but it makes dictionary attacks useless. I also add an AllowUsers statement. This limits remote access to a very small subset of the user accounts on the system.

]]>