Roberto C. Sánchez wrote:

> On Sun, Jun 10, 2007 at 08:20:05PM -0400, Kamaraju S Kusumanchi wrote:
>> David Baron wrote:
>> 
>> > Someone is trying to ssh on to my system. Trying on several ports. Not
>> > the first time, either. Thankfully, he does not have a password.
>> > Besides a bunch of Deprecated option ReverseMappingCheck, so far no
>> > harm done.
>> > 
>> > Since my logs have this IP number, how do I find out who it is?
>> 
>> Not exactly answering your question. But I do see a lot of IPs performing
>> dictionary attacks on my machine. What I do is go through
>> /var/log/auth.log periodically and add the offending IPs to
>> /etc/hosts.deny . That way, in future, the offending IPs cannot perform
>> any dictionary attacks. I currently have around 85 IPs in this list
>> (starting Apr 10, 2007) :-)
>> 
>> You should also disable remote root logins to make the machine more
>> secure.
>> 
> The best thing you can do is to disable password logins altogether.
> Using public keys is much more secure and makes it *impossible* for a
> dictionary attack to succeed.
> 

Somehow, I am not comfortable with this. I have read in many places that key
authentication is the most secure method and I agree with them. However, it
is not very convenient. Consider this situation.

Say, I ssh into machineA from machineB. However, machineB is not always known
a priori. I can go to my friend's machine and want to ssh into machineA. In
that case, how do I get the key? Carrying the key with a USB stick
is one option. But again that is also inconvenient for me. I guess
convenience and security are opposite ends of the spectrum.

raju

-- 
Kamaraju S Kusumanchi
http://www.people.cornell.edu/pages/kk288/
http://malayamaarutham.blogspot.com/
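
Added example, not part of the original thread: the manual procedure quoted above (reading /var/log/auth.log and adding offending addresses to /etc/hosts.deny) written out in Python. The log lines are constructed, the threshold and function names are assumptions, and it presumes an sshd that honours TCP wrappers.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format sshd writes to /var/log/auth.log
# (addresses are RFC 5737 documentation ranges; host and users are made up).
SAMPLE_LOG = """\
Jun 10 20:01:11 hostA sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jun 10 20:01:13 hostA sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
Jun 10 20:01:15 hostA sshd[2105]: Invalid user test from 203.0.113.7
Jun 10 20:01:16 hostA sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40040 ssh2
Jun 10 20:05:42 hostA sshd[2200]: Failed password for raju from 198.51.100.20 port 51514 ssh2
Jun 10 20:05:50 hostA sshd[2200]: Accepted password for raju from 198.51.100.20 port 51514 ssh2
Jun 10 21:10:02 hostA sshd[2300]: Failed password for invalid user from 10.0.0.1 from 192.0.2.99 port 3333 ssh2
"""

# The user name is chosen by the remote side and may itself contain " from <ip>",
# so the address is taken from the fixed tail of the line (greedy .* plus $).
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for .* from (\S+) port \d+ ssh2$")

def _is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def offenders(log_text, threshold=3):
    """Return IPv4 sources with >= threshold failed passwords and no successful login."""
    failures, trusted = Counter(), set()
    for line in log_text.splitlines():
        ok = ACCEPTED.search(line)
        if ok:
            trusted.add(ok.group(1))  # a real user who mistyped must not be locked out
            continue
        bad = FAILED.search(line)
        if bad and _is_ipv4(bad.group(1)):
            failures[bad.group(1)] += 1
    return sorted(ip for ip, n in failures.items() if n >= threshold and ip not in trusted)

def hosts_deny_lines(ips):
    """Format entries for /etc/hosts.deny (daemon: client)."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(offenders(SAMPLE_LOG))))
```

The last sample line carries a user name that contains an address of its own; only the address in the fixed tail of the line is counted.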

