Re: The crackers are out there

From: Arthur Corliss <acorliss@nevaeh-linux.org>
Date: Mon Nov 19 2007 - 19:19:46 AKST

On Mon, 19 Nov 2007, Damien Hull wrote:

> I set up a test server on Friday. Needed something to play on.
>
> * Ubuntu 7.10 server
> * User: administrator
> * Password: password
> * OpenSSH server: port 22 (default)
>
> I was about to change the password but changed my mind at the last
> minute. I thought it would be cool to see how long it took before
> someone got in. Well, I was unable to log in this morning.

Always an entertaining exercise, but I'm surprised it took them that long.

All of which should point out a few safety tips for any box exposed to
public networks:

   1) Root/administrator accounts should *never* be allowed to log in
      remotely. The only access to superuser accounts should be on a
      physical console or via su from a wheel group member. Let me be
      more blunt: if you allow root to log in remotely for any reason
      you're an idiot.
   2) Sshd should be configured to restrict login privileges to a specific
      group (other than users), and it should not allow empty passwords.
      This guarantees that an account some idiot packager adds to your
      box to support a service, while forgetting to either randomize or
      set a password, can't be used to gain shell access.
   3) Ideally, you should also be running a script that watches for
      failed authentication attempts and automatically firewalls off the
      offending IP after n number of attempts.
   4) Also ideally, if you can restrict access to ssh to specific networks
      and/or IPs by both firewall and tcp wrappers, you should.

This is all part of hardening 101, and while basic, is tremendously
important. The vast majority of software vulnerabilities are local
exploits, not remote, so doing everything possible to restrict shell access
is essential.

         --Arthur Corliss
           Live Free or Die
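
A sketch of the watcher described in tip 3, added here as an example and not part of the original message. It assumes OpenSSH's "Failed password ... from <ip> port <n> ssh2" syslog line format and English month names; the function names, hostname, thresholds and sample log lines are hypothetical and constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The user name is attacker-chosen text. Greedy ".*" plus the "$" anchor bind
# the capture to the final "from <ip> port <n> ssh2" that sshd itself wrote.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+ ssh2$")

SAMPLE_LOG = """\
Nov 19 03:10:01 testbox sshd[811]: Failed password for administrator from 203.0.113.7 port 40111 ssh2
Nov 19 03:10:04 testbox sshd[811]: Failed password for invalid user x from 198.51.100.9 port 1 ssh2 from 203.0.113.7 port 40112 ssh2
Nov 19 03:10:09 testbox sshd[812]: Failed password for root from 203.0.113.7 port 40113 ssh2
Nov 19 04:00:00 testbox sshd[830]: Failed password for damien from 192.0.2.10 port 2222 ssh2
Nov 19 05:00:00 testbox sshd[840]: Failed password for bob from 198.51.100.20 port 3000 ssh2
Nov 19 05:30:00 testbox sshd[841]: Failed password for bob from 198.51.100.20 port 3001 ssh2
Nov 19 06:00:00 testbox sshd[842]: Failed password for bob from 198.51.100.20 port 3002 ssh2
Nov 19 06:10:00 testbox sshd[843]: Accepted password for administrator from 203.0.113.7 port 40200 ssh2
""".splitlines()   # constructed sample, documentation address ranges only

def offenders(lines, max_failures=3, window=timedelta(minutes=10),
              allow=("192.0.2.0/24",), year=2007):
    """Return, in order, source IPs with max_failures failures inside window."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    recent = defaultdict(deque)            # ip -> times of recent failures
    blocked = []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))   # reject non-addresses
        except ValueError:
            continue
        if ip in blocked or any(ip in net for net in allowed):
            continue                        # never lock out trusted networks
        # syslog stamps carry no year; the caller supplies one (assumption)
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:         # drop failures older than window
            q.popleft()
        if len(q) >= max_failures:
            blocked.append(ip)
    return [str(ip) for ip in blocked]

def firewall_rule(ip):  # argv list for subprocess, never a shell string
    return ["iptables", "-I", "INPUT", "-s", ip, "-p", "tcp", "--dport", "22", "-j", "DROP"]
```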
Received on Mon Nov 19 19:20:02 2007
