Date: Sun, 22 May 2005 16:13:19 -0400 (EDT)
From: "Jerry Bell" <jbell@stelesys.com>
To: "John DeStefano" <john.destefano@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: securing SSH, FBSD systems
Message-ID: <1368.24.99.220.144.1116792799.squirrel@24.99.220.144>
In-Reply-To: <f2160e0d05052205454e6071d5@mail.gmail.com>
References: <f2160e0d05052205454e6071d5@mail.gmail.com>
These attacks are almost exclusively automated, looking to install a script to launch spam runs from. They're essentially trying common username and weak password combinations - blank password, passwords the same as the user name, abc123, etc.

There are four things you can do to improve the security of sshd:

1. Move sshd to listen on a different port. This will not protect against a concerted attack, though.
2. Check for weak passwords. John the Ripper can help out with that. pam_passwdqc(8) can help you enforce strong passwords.
3. Integrate an automated log monitoring system that looks for *successful* logins, since those are really what you're worried about anyway. This can be difficult to manage if you have a lot of regular shell users.
4. Keep up-to-date with security patches and advisories. Attacking your system through password guessing is much harder than using a vulnerability in sshd or some other service.

I have a security guide for FreeBSD at:
http://www.syslog.org/Content-5-4.phtml

Jerry
http://www.syslog.org

> Would someone mind briefly talking about securing FBSD systems from
> such attacks, at least in a manner that's a bit more extensive and
> detailed than just saying "use Snort"? I'm not a newbie to FBSD, but
> I'm not a *NIX guru either. I'd really appreciate your help.
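
One way to approach item 3 of the message above, as an added example that is not part of the original e-mail: a small parser that reports every successful sshd login in syslog output. It goes one step beyond the message by flagging a success whose source address had several failed attempts earlier in the log, which helps on hosts with many regular shell users. The log lines, addresses, user names and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter

# OpenSSH sshd messages as written to syslog (e.g. /var/log/auth.log).
# Older releases log "illegal user" where newer ones log "invalid user".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:(?:invalid|illegal) user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def successful_logins(lines, fail_threshold=3):
    """Return every accepted login, flagged when the same source address
    had at least fail_threshold failed attempts earlier in the log."""
    failures = Counter()
    report = []
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        report.append({
            "when": line[:15],  # syslog timestamp, e.g. "May 22 16:02:41"
            "user": m["user"],
            "ip": ip,
            "method": m["method"],
            "prior_failures": failures[ip],
            "suspicious": failures[ip] >= fail_threshold,
        })
    return report

# Constructed sample log lines (documentation addresses, made-up users).
SAMPLE = """\
May 22 15:58:03 host sshd[811]: Accepted publickey for alice from 198.51.100.7 port 50122 ssh2
May 22 16:02:37 host sshd[902]: Failed password for invalid user test from 192.0.2.10 port 41001 ssh2
May 22 16:02:38 host sshd[903]: Failed password for illegal user guest from 192.0.2.10 port 41002 ssh2
May 22 16:02:40 host sshd[904]: Failed password for backup from 192.0.2.10 port 41003 ssh2
May 22 16:02:41 host sshd[905]: Accepted password for backup from 192.0.2.10 port 41004 ssh2
May 22 16:10:15 host sshd[950]: Failed password for bob from 203.0.113.5 port 60110 ssh2
May 22 16:10:21 host sshd[951]: Accepted password for bob from 203.0.113.5 port 60111 ssh2
""".splitlines()

if __name__ == "__main__":
    for e in successful_logins(SAMPLE):
        tag = "ALERT" if e["suspicious"] else "ok"
        print(f'{tag:5} {e["when"]} {e["user"]}@{e["ip"]} via {e["method"]} '
              f'(failures before: {e["prior_failures"]})')
```

A single mistyped password before a success, as in the last two sample lines, stays below the threshold and is reported without the alert flag.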