Mailinglist Archive: opensuse-security (138 mails)

Re: [suse-security] Openssh + security
  • From: David Bear <David.Bear@xxxxxxx>
  • Date: Mon, 12 Dec 2005 15:21:14 -0700
  • Message-id: <20051212222114.GC22632@xxxxxxx>
On Sun, Dec 11, 2005 at 02:56:50PM -0800, Scott Leighton wrote:
> On Sunday 11 December 2005 2:41 pm, Bruno Cochofel wrote:
> > I need to install an ssh server and I need some information about security
> > options. I know there have been some kind of "attacks" on port 22 on the
> > internet so I want to know a little more about those options under
> > /etc/ssh/sshd_config.
> >
>
> The options are pretty well documented in man 5 sshd_config
>
> Most people seem to strongly recommend setting
>
> Protocol 2
>
> instead of
>
> Protocol 1,2
>
> and
>
> PermitRootLogin no
>
> instead of
>
> PermitRootLogin yes


how about

DenyGroups
DenyUsers
AllowGroups
AllowUsers

these seem useful for preventing brute force attacks on accounts like
www, postgres, uucp, etc.

>
> You will also see many people recommending you change
> the default port from 22 to some high port number, but I'm
> not so sure that makes much of a difference.
>
> Scott
>
>
>
> --
> POPFile, the OpenSource EMail Classifier http://popfile.sourceforge.net/
> Linux 2.6.11.4-21.9-default x86_64
> SuSE Linux 9.3 (x86-64)

--
David Bear
phone: 480-965-8257
fax: 480-965-9189
College of Public Programs/ASU
Wilson Hall 232
Tempe, AZ 85287-0803
"Beware the IP portfolio, everyone will be suspect of trespassing"
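
Added example, not part of the original messages: a small Python audit that checks an sshd_config for the settings discussed in this thread (Protocol 2, PermitRootLogin no) and evaluates whether service accounts such as www, postgres and uucp could still log in under the DenyUsers, AllowUsers, DenyGroups, AllowGroups order. The sample configurations, the `sshusers` group and the account-to-group mapping are constructed; the sketch assumes plain user and group patterns (no USER@HOST or negated patterns) and ignores Match blocks.

```python
import fnmatch

LIST_KEYS = {"denyusers", "allowusers", "denygroups", "allowgroups"}
# Constructed sample inputs (not taken from the thread).
WEAK = "Protocol 1,2\nPermitRootLogin yes\n"
HARDENED = ("Protocol 2\nPermitRootLogin no\n"
            "DenyUsers www postgres uucp\nAllowGroups sshusers\n")
SERVICE_ACCOUNTS = {"www": ["www"], "postgres": ["postgres"], "uucp": ["uucp"]}

def parse(text):
    """Global section of an sshd_config: lowercased keyword -> argument list."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        key = key.lower()                 # keywords are case-insensitive
        if key == "match":                # conditional blocks are out of scope
            break
        if key in LIST_KEYS:              # Allow*/Deny* lists accumulate
            cfg.setdefault(key, []).extend(args)
        else:                             # otherwise the first value wins
            cfg.setdefault(key, args)
    return cfg

def _hit(names, patterns):
    return any(fnmatch.fnmatchcase(n, p) for n in names for p in patterns)

def permitted(cfg, user, groups):
    """Apply the order DenyUsers, AllowUsers, DenyGroups, AllowGroups."""
    if _hit([user], cfg.get("denyusers", [])):
        return False
    if "allowusers" in cfg and not _hit([user], cfg["allowusers"]):
        return False
    if _hit(groups, cfg.get("denygroups", [])):
        return False
    if "allowgroups" in cfg and not _hit(groups, cfg["allowgroups"]):
        return False
    return True

def audit(text, accounts=SERVICE_ACCOUNTS):
    cfg, findings = parse(text), []
    # Assumption: an unset keyword is reported as if it had the weak value.
    if cfg.get("protocol", ["1,2"]) != ["2"]:
        findings.append("Protocol is not restricted to 2")
    if cfg.get("permitrootlogin", ["yes"]) != ["no"]:
        findings.append("PermitRootLogin is not 'no'")
    for user, groups in accounts.items():
        if permitted(cfg, user, groups):
            findings.append(f"account '{user}' is not blocked from ssh login")
    return findings
```

Calling `audit(open("/etc/ssh/sshd_config").read())` on a real host returns the list of findings; an empty list means all checks passed for the accounts supplied.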
