[WBEL-users] SSH Hack/Login attempts

jamaguy jamaguy@nervesync.com
Sun, 08 Aug 2004 18:19:26 +0700


Another useful sshd_config directive that isn't in the sshd_config by 
default any longer in most releases is AllowUsers.  If you can get away 
with allowing only a limited x number of users from certain hosts and 
denying the rest it can be very handy.  Otherwise there is also a 
directive for DenyUsers.

example:
    AllowUsers nonprivuser@192.168.0.1 nonprivuser2@192.168.0.2 nonprivuser3

Each user or user@host is delimited by a space and all are on one line (word 
wrapping is not your friend if the list is longer than 3 or 4 users 
allowed from specific hosts...)

The directive doesn't seem to support ranges of IPs,  so it is allow 
from one host or allow from all hosts, unless one forgoes using the 
@host portion altogether (nonprivuser3 above) and lets in host ranges 
using iptables instead.

It is also good to disable SSH v1 (Protocol 2), turn off 
PasswordAuthentication (PasswordAuthentication no), turn on 
PubkeyAuthentication (PubkeyAuthentication yes)  (AuthorizedKeysFile  
.ssh/authorized_keys) and generate key pairs using ssh-keygen for users 
(then prepare to spend the next week fielding questions from them on how 
to use keys - If you use it, note that ssh.com's win32 ssh client 
requires the full commercial version to support Keys, PuTTY - tweak the 
session defaults before using it, I've heard that there are default 
connection settings that are not secure unless changed prior to 
connection... anyone? - and cygwin openssh clients are also workable 
alternatives for ssh client access using PublicKeyAuth ).

More info:
    man sshd_config

Ben

Jeff Maze wrote:

>Hello,
>	I was wondering if there's a way to block some user names/accounts
>from attempting to be logged into via SSH.  Lately, over the last week or
>so, I've seen a lot of login attempts via test, admin, and guest accounts.
>I have the PermitRootLogin=No in the sshd_conf file but was wondering if I
>add the above mentioned accounts, they won't even get a password prompt.
>	Thanks..
>
>Oh yea, there aren't admin, test, nor guest accounts created on the machine
>but they keep trying to use them to login.
>
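The settings named in the message above can be checked mechanically. This is an added example, not part of the original post: a small Python audit of sshd_config text that flags the wrapped AllowUsers line the message warns about, compares Protocol, PasswordAuthentication and PubkeyAuthentication against the recommended values, and lists AllowUsers entries with no @host. The function name and the sample config are constructed for illustration; Match blocks are not handled.

```python
import re

# Values the message recommends, keyed by lowercased keyword.
RECOMMENDED = {"protocol": "2", "passwordauthentication": "no",
               "pubkeyauthentication": "yes"}

# Constructed sample: the AllowUsers list was wrapped by an editor.
SAMPLE = """\
# constructed sample config
Protocol 2,1
PasswordAuthentication yes
PasswordAuthentication no
AllowUsers nonprivuser@192.168.0.1 nonprivuser2@192.168.0.2
nonprivuser3
"""

def audit_sshd_config(text):
    """Return (allow_users, findings) for sshd_config text."""
    settings, allow_users, findings = {}, [], []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if len(parts) == 1 or not parts[1]:
            # A lone word is what a wrapped AllowUsers list leaves behind.
            findings.append(f"line {number}: '{parts[0]}' has no argument (wrapped line?)")
        elif keyword == "allowusers":
            allow_users.extend(parts[1].split())  # AllowUsers lines accumulate
        else:
            settings.setdefault(keyword, parts[1].strip())  # first value wins
    for keyword, wanted in RECOMMENDED.items():
        actual = settings.get(keyword)
        if actual is None:
            findings.append(f"{keyword}: not set, the built-in default applies")
        elif actual.lower() != wanted:
            findings.append(f"{keyword}: is '{actual}', message recommends '{wanted}'")
    for entry in allow_users:
        user, _, host = entry.partition("@")
        if not host:
            findings.append(f"allowusers: '{user}' may log in from any host")
    return allow_users, findings

if __name__ == "__main__":
    for finding in audit_sshd_config(SAMPLE)[1]:
        print(finding)
```

Because sshd uses the first value it reads for a keyword, the second PasswordAuthentication line in the sample has no effect, which the audit reports.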