OT: password crackers
Sean Gibbins
sean at funkygibbins.me.uk
Wed Feb 8 07:22:56 UTC 2006
On Wed, February 8, 2006 6:41 am, Toby Kelsey said:
> Which ones are needed and can I track which
> packages
> are responsible for which ones? When packages are uninstalled is the
> password
> for the relevant account locked?
Look at it another way: who needs to be able to ssh in to your box? I
would suggest that only you, toby, does. Lock down ssh so that no root
logins are allowed and users must supply a certificate when logging in.
>
> Is this rate of attack fairly typical?
Yes.
>
> Is it worth trying to take action against the hosts involved?
No.
>
> Can I easily block specific hosts, or prevent repeated attempts from the
> same host?
You can, but unless you are really getting hammered to the point of
performance degradation, I wouldn't bother.
>
> I could just uninstall openssh-server, as I do not need it currently.
You don't need to go that far if you feel you might need it some day: just
prevent it from starting automatically. I wish you'd put that question up
front! ;o)
Sean
More information about the ubuntu-users
mailing list