[Triumf-linux-managers] FYI, SSH dictionary attacks ramping up
Kelvin Raywood
kray at triumf.ca
Tue Dec 8 16:44:56 PST 2009
Just to clarify a couple of points
Andrew Daviel wrote:
> We block hosts which show more than 16 password failures/day across
> the site, as reported to syslog.
The blocking is in effect as soon as the failure count reaches 16 in a
day or less.
> Mitigation:
> ...
> - disable password logins for root:
> - in /etc/ssh/sshd_config, set "PermitRootLogin without-password"
For those that installed SL-4.5 or higher via a TRIUMF kickstart, you
can apply this configuration change through a TRIUMF rpm.
yum install triumf-sshd-protect_root
Removing the rpm backs out the change.
Kel Raywood
TRIUMF Core Computing and Networking
More information about the Triumf-linux-managers
mailing list