Re: Please Help! How to STOP them...
- From: VeeJay <maanjee@xxxxxxxxx>
- Date: Fri, 12 Jan 2007 23:39:36 +0100
What should be ENABLED and what should be DISABLED?
# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
# $FreeBSD: src/crypto/openssh/sshd_config,v 1.42.2.4 2006/11/11
00:51:28 des Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
#VersionAddendum FreeBSD-20061110
#Port 22
#Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# Change to yes to enable built-in password authentication.
#PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
# no default banner path
#Banner /some/path
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
What steps need to follow?
On 1/12/07, VeeJay <maanjee@xxxxxxxxx> wrote:
Thanks Reko....
Just couple of more questions...
On 1/12/07, Reko Turja <reko.turja@xxxxxxxxxxx> wrote:
>
> From: "VeeJay" <maanjee@xxxxxxxxx>
> To: < maanjee@xxxxxxxxx>; "FreeBSD-Questions"
> <freebsd-questions@xxxxxxxxxxx>
> Sent: Friday, January 12, 2007 11:43 PM
> Subject: Please Help! How to STOP them...
>
>
> >I am reading many hundred lines similar to below mentioned?
> >
> > Could you please advise me what to do and how can I make my box more
> > secure?
> >
> > Jan 9 17:54:42 localhost sshd[5130]: reverse mapping checking
> > getaddrinfo
> > for bbs-83-179.189.218.on-nets.com [218.189.179.83] failed -
> > POSSIBLE
> > BREAK-IN ATTEMPT!
> > Jan 9 17:54:42 localhost sshd[5130]: Invalid user sysadmin from
> > 218.189.179.83
>
> It's basically just script kiddies trying to get in using some ready
> made user/password pairs.
>
> Lots of info covering this has been posted in these newsgroups
> previously, but some things you might consider
>
> Moving your sshd port somewhere else than 22 - the prepackaged
> "cracking" programs don't scan ports, just blindly try out the default
> port - with determined/skilled attacker it's different matter entirely
> though.
How to change the port from 22 to something other and in what range should
I choose a number?
Use some kind of portblocker (lots in ports tree) which closes the
> port after predetermined number of attempts - or as an alternative,
> use PF to close the port for IP's in question after predetermined
> number of connection attempts in given time.
Can you suggest such port which I should install to block these attempts?
Use key based authentication and stop using passwords altogether.
What do you mean here?
Remember to keep ssh1 disabled as well as direct root access into ssh
> from the ssh config file.
How to disable SSH1 and How to stop direct root access into ssh, where to
change?
-Reko
>
>
--
Thanks!
BR / vj
--
Thanks!
BR / vj
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
- References:
- Please Help! How to STOP them...
- From: VeeJay
- Re: Please Help! How to STOP them...
- From: Reko Turja
- Re: Please Help! How to STOP them...
- From: VeeJay
- Please Help! How to STOP them...
- Prev by Date: Re: Please Help! How to STOP them...
- Next by Date: Sysinstall: No Floppy Devices Found
- Previous by thread: Re: Please Help! How to STOP them...
- Next by thread: Re: Please Help! How to STOP them...
- Index(es):
Relevant Pages
|
