LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Brute-Force SSH Server Attacks Surge (InformationWeek)

Brute-Force SSH Server Attacks Surge (InformationWeek)

Posted May 15, 2008 2:51 UTC (Thu) by gdt (subscriber, #6284)
In reply to: Brute-Force SSH Server Attacks Surge (InformationWeek) by tialaramex
Parent article: Brute-Force SSH Server Attacks Surge (InformationWeek)

Fedora could improve, a lot.

Firstly, it could ask on the installer screen if a ssh server for remote administration is needed. And if it is it could insist on a non-root user name and a reasonable password. It could offer the alternative for public-key only access. It should not be possible to SSH to a Fedora machine as root.

Secondly, it could restrict ssh usage to just the users which need it. Create a group sshusers and require incoming ssh to be a member of that group.

Thirdly, it could add GUI tools to make public keys simpler to use.

Fourthly, it could issue a banner upon ssh connection. This will increase traffic bills for scanning machines, making their owners on ADSL billing plans pay attention.

Fifthly, it could ask the user the address range of their local trusted network upon installation and set /etc/hosts.allow (which sshd obeys) accordingly.

OpenSSH could also help. Stacking authentication (such as requiring public key and login password) would be very useful.

I've found on the well-known servers which we run that moving the ssh port only works for a day at the most.

(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds