BLU Discuss list archive
[Discuss] PSA: no root login for SSH
- Subject: [Discuss] PSA: no root login for SSH
- From: richard.pieri at gmail.com (Rich Pieri)
- Date: Wed, 23 Dec 2020 13:08:23 -0500
- In-reply-to: <24547.31877.370716.337851@blazemonger.com>
- References: <2899a131-7a46-8da5-387e-2b1ae69e94bd@mattgillen.net> <24547.31877.370716.337851@blazemonger.com>
On Wed, 23 Dec 2020 12:21:09 -0500
Daniel Barrett <dbarrett at blazemonger.com> wrote:

> This may be obvious, but... setting "PasswordAuthentication no" is
> also a good idea to protect against ALL password-based logins --
> root's or otherwise. If sshd permits only (say) PubkeyAuthentication,
> then attackers can't log in unless they have stolen the necessary
> private key and decrypted its (hopefully very strong) passphrase.

This. Because it is trivially easy to find login names to feed brute
force attacks, for example "dbarrett" at blazemonger.com machines and
"worley" at ariadne.com.

Using fail2ban to stop brute force attacks is still a good idea, just
in case of unpublished vulnerabilities that might permit key auth bypass
or you have services which are not easily protected with key auth.

--
Rich Pieri
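An added example, not part of the original message: a small audit of sshd_config text that checks whether any password-capable or root login path remains after setting "PasswordAuthentication no". It assumes OpenSSH's upstream defaults, does not follow Include directives, and runs on a constructed sample config.

```python
import re

# OpenSSH upstream defaults for the keywords checked (a distribution's shipped file may differ).
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "permitrootlogin": "prohibit-password"}
# Older configs use the deprecated name for keyboard-interactive authentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
LINE = re.compile(r"^\s*([A-Za-z]+)(?:\s*=\s*|\s+)(.*?)\s*$")

def parse(text):
    """Split config text into global settings and a list of (condition, settings) Match blocks."""
    global_cfg, blocks = {}, []
    target = global_cfg
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:                                   # blank lines and '#' comments
            continue
        key = ALIASES.get(m.group(1).lower(), m.group(1).lower())
        if key == "match":                          # later lines belong to this block
            target = {}
            blocks.append((m.group(2), target))
        else:
            target.setdefault(key, m.group(2).lower())  # sshd keeps the first value it reads
    return global_cfg, blocks

def audit(text):
    """Return findings; an empty list means no password-capable or root login path was found."""
    global_cfg, blocks = parse(text)
    scopes = [("global", {**DEFAULTS, **global_cfg})]
    scopes += [("Match " + cond, settings) for cond, settings in blocks]
    findings = []
    for scope, cfg in scopes:                       # a Match block overrides the global value
        if cfg.get("passwordauthentication", "no") != "no":
            findings.append(f"{scope}: PasswordAuthentication is enabled")
        if cfg.get("kbdinteractiveauthentication", "no") != "no":
            findings.append(f"{scope}: keyboard-interactive is enabled (passwords via PAM)")
        if cfg.get("permitrootlogin", "no") != "no":
            findings.append(f"{scope}: PermitRootLogin is {cfg['permitrootlogin']}")
    return findings

# Constructed sample: the second PasswordAuthentication line is ignored, the Match block is not.
SAMPLE = """# constructed sample config
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "key-only, no root login")
```

On a live host, `sshd -T` prints the effective global settings and is the authoritative check; the script above is for reviewing a config file before it is deployed.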