|
|
10.4: Disable ssh password login under Tiger
I went from dozens of attacks to zero with a very simple change :
10.4: Disable ssh password login under Tiger
I'm not so sure about changing the port -- the logs on my G5 at work showed repeated attempts to ssh using random ports as well as random usernames. Even if the script used the wrong port, the syslog still recorded hundreds of attempts to ssh in.
The only solution I could come up with was to use tcpwrappers: deny ssh access to any IP that is not part of the domain at work, or part of the domain my ISP uses. That reduced the hundreds attempts to the occasional "sshd access denied to (random ip)" note. (Plus the strong passwords and disabled root access, etc. etc.) Not the best solution, since I have to ssh into a work machine and then into the G5 if I'm away from home (to edit the /etc/hosts.allow file, at the very least) -- but it seems to work.
10.4: Disable ssh password login under Tiger
hey hagbard,
changing the port number
I changed my SSH service to a non-standard port for several months ago. It cut the unwanted login attempts down to zero, since most malware scripts only probe port 22. Obviously this is security by obscurity, and it shouldn't be your primary means of defense. But it does reduce the attack surface, as well as the noise level in the log files. How to change the sshd port depends on your Mac OS X version. These earlier hints have the details: 10.3: Changing the default SSH server port I didn't see a hint for 10.2, but I believe you do it simply by uncommenting and changing the "Port" directive in /private/etc/sshd_config. Then restart the service. For more info, type "man sshd_config" in Terminal.
changing the port number
I didn't see a hint for 10.2, but I believe you do it simply by uncommenting and changing the "Port" directive in /private/etc/sshd_config. Then restart the service. Yes, that works (you have to have admin privileges to edit that file, of course). |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.10 seconds |
|