SUMMARY: stopping C2 security account lockout on root via SSH

From: Mike Broderick (mikebroderick_at_gmail.com)
Date: 02/09/05

    Date: Wed, 09 Feb 2005 11:18:38 -0500
    To: tru64-unix-managers@ornl.gov
    
    

    Based on responses I received here and in an OpenSSH forum, it seems
    that for security reasons the sshd was modified to always pass all login
    attempts to the underlying auth mechanism first, regardless of
    sshd_config settings, and only after that override the results if sshd
    settings (PermitRootLogin, DenyUser) apply. So the only way to block
    these lockouts is with firewalling (tcp_wrappers, ipfilter, etc).

                                                                          
              _Mike

    On Wed, 26 Jan 2005 20:40:29 -0500, Mike Broderick
    <mikebroderick@gmail.com> wrote:
    > I have a couple Tru64 boxes (4.0f and 5.1b) both using C2 security
    > that get occasional root login attacks via SSH. These attacks (3000
    > hits on root last time) cause the root account to get locked. I tried
    > disabling root logins from SSH with "PerminRootLogins no" (in
    > sshd_config) but I still see failed attempts logged in the auth db
    > (u_numunsuclog for root user increments). I then tried adding
    > "DenyUsers root" too which seems to work on the 4.0f system but not on
    > 5.1b. I do get an "invalid user" error in the auth.log in both but on
    > 5.1b u_numunsuclog still increments.
    >
    > The Tru64 delivered ssh is not being used, but rather a version of
    > OpenSSH manually downloaded/built. (4.0f has OpenSSH 3.1p1 and 5.1b
    > has 3.7.1p2) The 5.1b system was just upgraded from 5.1a to 5.1b.
    >
    >
    > _Mike
    >
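
Added example (not part of the original post, and not OpenSSH or Tru64 code): one way to turn the firewalling advice above into tcp_wrappers rules is to tally failed root attempts per source address from the sshd log and print a hosts.deny line for each address over a threshold. The log lines are constructed, the function names are hypothetical, and it assumes sshd was built with tcp_wrappers support and logs in the usual "Failed password for ... from ADDR port N ssh2" form.

```shell
#!/bin/sh
# Added example. Constructed sshd syslog lines (RFC 5737 documentation addresses).
sample_log() {
cat <<'EOF'
Jan 26 20:40:01 host sshd[1201]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jan 26 20:40:03 host sshd[1202]: Failed password for invalid user root from 192.0.2.10 port 40002 ssh2
Jan 26 20:40:05 host sshd[1203]: Failed password for root from 192.0.2.10 port 40003 ssh2
Jan 26 20:41:00 host sshd[1204]: Failed password for root from 198.51.100.7 port 40004 ssh2
Jan 26 20:41:02 host sshd[1205]: Failed password for mike from 198.51.100.7 port 40005 ssh2
Jan 26 20:41:10 host sshd[1210]: Failed password for invalid user root from 198.51.100.7 from 203.0.113.5 port 40010 ssh2
Jan 26 20:42:00 host sshd[1211]: Accepted publickey for mike from 198.51.100.7 port 40011 ssh2
EOF
}

# deny_lines THRESHOLD
# Reads sshd log lines on stdin and prints one tcp_wrappers rule ("sshd: ADDR")
# for every source address with at least THRESHOLD failed attempts on root.
deny_lines() {
    awk -v min="$1" '
    {
        # Locate the sshd tag so the syslog prefix length does not matter.
        t = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^sshd(\[[0-9]+\])?:$/) { t = i; break }
        if (!t || $(t+1) != "Failed" || $(t+2) != "password" || $(t+3) != "for")
            next
        u = t + 4
        if (($u == "invalid" || $u == "illegal") && $(u+1) == "user")
            u += 2
        # The user name must be exactly "root" and must sit directly before the
        # fixed tail "from ADDR port N ssh2". A user name that itself contains
        # "root from <addr>" fails this check, so text supplied in the login
        # name cannot get some other address counted.
        if ($u == "root" && u == NF - 5 && $(NF-4) == "from" && $(NF-2) == "port")
            count[$(NF-3)]++
    }
    END {
        for (ip in count)
            if (count[ip] >= min) print "sshd: " ip
    }' | sort
}

# Stand-alone run on the constructed sample with a threshold of 3 attempts.
sample_log | deny_lines 3
```

Review the output before appending it to /etc/hosts.deny, and keep the addresses you administer from in hosts.allow so a rule cannot lock you out.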

