SLUG Mailing List Archives - Re: [SLUG] Chinese intruder yesterday

To: slug@xxxxxxxxxxx
Subject: Re: [SLUG] Chinese intruder yesterday
From: Erik de Castro Lopo <mle+slug@xxxxxxxxxxxxx>
Date: Fri, 14 Aug 2009 07:05:15 +1000
Organization: Erik Conspiracy Secret Labs
Reply-by: Fri Mar 4 18:43:51 EST 2000
Reply-to: slug@xxxxxxxxxxx

Jim Donovan wrote:

> I had port 22 open for a few hours yesterday but closed it when I
> noticed the following.

An open port 22 can be made safe. There are numerous articles available
on the net like the following:

    http://www.linuxjournal.com/article/8759
    http://www.debian-administration.org/articles/573

For the particular issue you had, probably the best option is to use
the AllowGroups option in sshd_config to restrict ssh access to users
of a specific group. On my machine I have

     AllowGroups sshlogin

and then add any specific users to that group.

Running SSH on a non standard port also helps.

Cheers,
Erik
-- 
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/

Follow-Ups:
- Re: [SLUG] Chinese intruder yesterday
  - From: Robert Collins
- Re: [SLUG] Chinese intruder yesterday
  - From: Matthew Hannigan

References:
- [SLUG] Chinese intruder yesterday
  - From: Jim Donovan

Messages sorted by: [ date | thread ]
Prev by Date: [SLUG] Chinese intruder yesterday
Next by Date: Re: [SLUG] Chinese intruder yesterday
Previous by thread: [SLUG] Chinese intruder yesterday
Next by thread: Re: [SLUG] Chinese intruder yesterday