[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

de-peering for security sake

Subject: de-peering for security sake
From: jared at puck.nether.net (Jared Mauch)
Date: Sat, 26 Dec 2015 16:21:03 -0500
In-reply-to: <-1680641458761921693@unknownmsgid>
References: <278703070.5666.1451139598778.JavaMail.mhammett@ThunderFuck> <[email protected]> <-1680641458761921693@unknownmsgid>

> On Dec 26, 2015, at 11:14 AM, Joe Abley <jabley at hopcount.ca> wrote:
> 
> With respect to ssh scans in particular -- disable all forms of
> password authentication and insist upon public key authentication
> instead. If the password scan log lines still upset you, stop logging
> them.

Or if you can?t get users to use keys (aside from remove the users) consider things like:

example /etc/ssh/sshd_config
Match User root
	PasswordAuthentication no

for users that should not be permitted to fall-back to password authentication.

- Jared

Follow-Ups:
- de-peering for security sake
  - From: nanog at ics-il.net (Mike Hammett)

References:
- de-peering for security sake
  - From: nanog at ics-il.net (Mike Hammett)
- de-peering for security sake
  - From: list at satchell.net (Stephen Satchell)
- de-peering for security sake
  - From: jabley at hopcount.ca (Joe Abley)

Prev by Date: de-peering for security sake
Next by Date: de-peering for security sake
Previous by thread: de-peering for security sake
Next by thread: de-peering for security sake
Index(es):
- Date
- Thread