Got hacked?

Darrin Chandler dwchandler at stilyagin.com
Thu Feb 22 22:10:53 MST 2007


On Thu, Feb 22, 2007 at 09:43:21PM -0700, Jon M. Hanson wrote:
>     I'm guessing they got in through some kind of guest account you have
> set up (but maybe didn't know about) or another common account name with
> a weak password. I constantly watch my system logs and several times a
> week I'll get a ton of attempts to try to brute force passwords to
> various accounts through SSH.

It's quite possible. I get those same attempts, and pretty much everyone
else does too. In response, some people set up elaborate schemes (port
knockers and whatnot) in order to protect themselves. It's not as secure
as they think. Allowing password authentication with good passwords is
bad. Allowing it when your password is 'golfnut' is asking for trouble.
Yes, even if you spell it 'g01FnuT'. (Ok, how many of you winced just
now because I guessed your password or got close?)

Those of you out there running sshd, PLEASE consider using ssh-keygen
and using the key pairs for authentication *instead* of passwords, and
setting "PasswordAuthentication no" in your config. It really is pretty
easy, and really will make your system safer. Of course that's not all
there is to security, but I've seen many people have otherwise secure
systems, with everything patched and up to date, and allow password auth
with weak passwords. It's like putting bars on your windows and leaving
the front door open.

-- 
Darrin Chandler                   |  Phoenix BSD Users Group
dwchandler at stilyagin.com          |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/darrin/  |
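
Added example (not part of the original message): a shell check that the "PasswordAuthentication no" setting recommended above is really the effective one in an sshd_config file, and that keyboard-interactive login through PAM does not still offer a password prompt. The function names and the sample config are constructed for illustration; only the global section is read, so `Match` blocks and `Include` files are not evaluated.

```shell
#!/bin/sh
# sshd uses the FIRST value it reads for each keyword; keywords are
# case-insensitive and may be written "Keyword value" or "Keyword=value".

# effective_value FILE KEYWORD DEFAULT -> prints the value in lower case
effective_value() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want); val = dflt }
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " "); gsub(/"/, "") }
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == want { val = $2; exit }   # first occurrence wins
        END { print tolower(val) }
    ' "$1"
}

# password_logins_possible FILE -> status 0 if a password can still be typed
password_logins_possible() {
    # OpenSSH default for PasswordAuthentication is "yes"
    [ "$(effective_value "$1" PasswordAuthentication yes)" != "no" ] && return 0
    # Keyboard-interactive plus PAM usually amounts to a password prompt.
    kbd=$(effective_value "$1" KbdInteractiveAuthentication "")
    [ -z "$kbd" ] && kbd=$(effective_value "$1" ChallengeResponseAuthentication yes)
    pam=$(effective_value "$1" UsePAM no)
    [ "$kbd" != "no" ] && [ "$pam" = "yes" ] && return 0
    return 1
}

# Constructed sample config: the second PasswordAuthentication line is
# ignored, yet PAM keyboard-interactive still leaves a password prompt.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real host's config
PasswordAuthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
UsePAM yes
EOF
if password_logins_possible "$sample"; then
    echo "password prompts still reachable"
else
    echo "key-only"
fi
rm -f "$sample"
```

On a live host, `sshd -T` prints the configuration the daemon would actually use, including included files, and is the authoritative check.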


More information about the PLUG-discuss mailing list