Steve
I know your IP address

join:2001-03-10
Tustin, CA

Steve to EGeezer

Re: XOR.DDoS malware distributed via brute force SSH attacks

There's a feature of recent SSH that I have found really useful, especially at customer installations where we need to allow my access externally.

In /etc/ssh/sshd_config I set an option that allows connections from the local network to log in as root and/or with a password, but from the outside, only an SSH key will work, and then only as a non-root user:
PermitRootLogin no
PasswordAuthentication no
 
Match Address 192.168.1.0/24,127.0.0.1,::1
  PermitRootLogin yes
  PasswordAuthentication yes
 
I use SSH keys almost exclusively, but there's simply no way I can get all my customers to, so this reduces the risk of outside exposure while still allowing convenient internal access.

Steve
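
Added example, not part of Steve's post: a simplified Python model of how the Match Address block above resolves for a given client address, useful for checking which sources still get password and root login. It handles only `Match Address` and `Match all` with plain addresses or CIDR ranges (no negation or wildcards); `effective_settings` and `address_matches` are names made up for this sketch.

```python
import ipaddress

# Constructed sample: the sshd_config fragment from the post above.
SSHD_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no

Match Address 192.168.1.0/24,127.0.0.1,::1
  PermitRootLogin yes
  PasswordAuthentication yes
"""

def address_matches(client, patterns):
    """True if client falls in any comma-separated address or CIDR pattern."""
    ip = ipaddress.ip_address(client)
    for pat in patterns.split(","):
        net = ipaddress.ip_network(pat.strip(), strict=False)
        if ip.version == net.version and ip in net:
            return True
    return False

def effective_settings(config, client):
    """Assumed, simplified semantics: a matching block overrides the globals."""
    global_opts, match_opts = {}, {}
    active = None  # None = global section; True/False = inside a Match block
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        keyword, _, value = line.partition(" ")
        keyword, value = keyword.lower(), value.strip()
        if keyword == "match":
            criterion, _, patterns = value.partition(" ")
            criterion = criterion.lower()
            active = criterion == "all" or (
                criterion == "address" and address_matches(client, patterns))
        elif active is None:
            global_opts.setdefault(keyword, value)  # first value wins
        elif active:
            match_opts.setdefault(keyword, value)   # first matching block wins
    return {**global_opts, **match_opts}

if __name__ == "__main__":
    # Constructed client addresses: inside, loopback, outside, neighbouring subnet.
    for addr in ("192.168.1.50", "127.0.0.1", "::1", "203.0.113.7", "192.168.2.50"):
        eff = effective_settings(SSHD_CONFIG, addr)
        print(addr, eff["permitrootlogin"], eff["passwordauthentication"])
```

On a live host, `sshd -T -C user=<user>,host=<host>,addr=<address>` prints the effective settings as sshd itself resolves them for that connection.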

EUS
Kill cancer
Premium Member
join:2002-09-10
canada

Yes, keys are a pain to manage, but they mitigate so many security problems.
Coupled with fail2ban (easy to use iptables), sleeping at night becomes easy.
Thumbs up for the internal local network mini howto, I never thought of this.

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

sivran to Steve

That's pretty cool. I should do that on mine.