increasing failed sshd logins/clearing breadcrumb trails

Glenn Sieb ges+lists at
Tue Sep 14 21:21:25 PDT 2004

Tim Aslat said the following on 9/14/2004 10:51 PM:

>In the immortal words of Glenn Sieb <ges+lists at>...
>>I've been getting this for weeks. They're all under APNIC, and emails
>>to abuse at the involved networks has gone unanswered.
>I've been getting these as well, but from a multitude of address spaces.
> Not just APNIC.
I should have been clearer--the ones coming in on *my* server have all 
been from APNIC :-/

>Agreed.  However if you 'Absolutely' require something to be done
>remotely as root, make it a pub/priv key sequence and limit the command
>using the keys.
*nod* But I really can't think of any reason to have an exposed machine 
allow a direct-root login... Probably I just haven't had that particular 
need or experience yet...

But with protected machines? Sure--at my old job (at Lumeta) we had our 
"one trusted" machine which was allowed to ssh as root (using keys only) 
to our internal machines. For purposes of pushes/pulls/upgrades/stuff 
along those lines.

>Very sane practice
*nod* I'd like to think Tal rubbed off on me a bit :)

>It is possible that the box was compromised and the utmp/wtmp log
>removed/edited/etc, and I would start looking immediately for other
>traces of a possible intrusion.
*nod* Hopefully he wasn't hacked--that would be major suckage :-/


"They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety.  
          ~Benjamin Franklin, Historical Review of Pennsylvania, 1759

More information about the freebsd-questions mailing list