can't figure out ssh, read lots of docs...
Rick Preston
rickjpreston at gmail.com
Wed Jun 1 22:44:08 GMT 2005
I just want to add a little about allowing root login over ssh and
using common user names as login names if I may. I just left an admin
job where we were running a live server and I used to read the log
files everyday. The number of brute force attempts to login in to
sshd was staggering sometimes over 700 attempts in a day from many
different locations.(usually script kiddies) I had the only user
account so it wasn't my users making mistakes. 90%+ of the attempts
were for the root account. The other 10% were for common names like
steven, rick, and paul the list goes on.
So I would recommend that you keep root login disabled and don't use
common names for login names. Most people where setting up scripts to
block the offending attacker.
Not to mention every security document or site I have ever read has
said "Don't allow remote root login"
Thanks for letting me spew,
Rick
On 6/1/05, Steven Friedrich <FreeBSD at insightbb.com> wrote:
> Thanks to Nathan Kinkade, Roland Smith, Greg Barniskis, and Rick Preston for
> the replies. Each gave me quite a bit of info and I'm still digesting it.
>
> I've been successful using ssh-agent, though I have to enter the passphrase
> each time I run my script. That's really only an annoyance now because I'm
> developing the script and have to enter it often. That goes away when the
> script is stable.
>
> I've been using ssh to login to my local machines for quite some time and
> never realized I didn't have it set up quite right, because it was asking for
> a passwd, which means all other means failed.
>
> What I did notice though, is that I can't login as root using ssh. I haven't
> found this mentioned in the man pages.
>
> Anybody know where it's documented, whether it can be changed, and would that
> be a colossal mistake?
>
> I mean, hey, it's a secure shell, why can't I login as root?
>
> The reason I want to use root is because I'm trying to scp /etc/master.passwd
> from each of my four machines so I can write them to a CD for backup.
>
More information about the freebsd-questions
mailing list