how to tell when you have a hacker?

Gerard Snitselaar snits at snitselaar.org
Fri Feb 17 23:05:24 MST 2006


Anything you do to ssh will have no effect on sudo. They are separate
things that have no relation to each other. Secure Shell in its common
use is basically a secure form of a telnet session. It uses encryption
to secure the transmission of data. To see if it is running look in the
ps output for sshd. I would recommend setting permit root login to no.
All that means is that root can not login through ssh. You can login as
yourself and still use sudo. I would also recommend looking at
AllowUsers, which can restrict what usernames can login via ssh. You
might even research ssh more and look at turning off password
authentication, and using key authentication.

On Sat, 2006-02-18 at 00:21 -0500, Mike wrote:
> My password is more complex than a name. (it isn't even a word). But please do 
> share with me how to check if ssh is open, what port it is on, and how to 
> change it..... HEY look at that! sshd must be where to do that. Is all I have 
> to do is change the number by the word 'Port'? (it has a 22 next to it now)
> 
> Then there is the line that says: 'permit root login yes' Should I change that 
> one to no? If I do that what will happen to sudo and when I need to log roots 
> account into a termnal?
> 
> On Friday 17 February 2006 11:48 pm, Craig White wrote:
> > you've only been on the hsi for about a week and it's not likely your
> > box was cracked already but if you are using something really simple for
> > a password like mike or password and you have ssh open and on standard
> > port 22, it's not going to take all that long for someone to hack their
> > way in.
> >
> > Also, you probably want to make certain that root can't log in via
> > password in sshd_config and all the rage now on Fedora/RHEL is denyhosts
> > package which automatically adds entries for ip addresses with 5 (or
> > configurable) consecutive failed login attempts in ... hosts.deny (duh)
> > Also, I've found it more peaceful to change the ssh port to something
> > above 1024.
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 



More information about the PLUG-discuss mailing list