LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-07-2009, 05:19 PM   #16
spaceageliving
Member
 
Registered: Aug 2007
Distribution: CentOS
Posts: 48

Original Poster
Rep: Reputation: 16

nomb--thanks for the tips. I'm already rolling with pubkey auth only, and it is a big improvement. Will consider changing the port--it is an option since I'm the only one logging in remotely. OS X keychain is cool for pubkeys with passwords, btw...it even works for sftp clients--no fuss, no muss, just drops you right into the account. I was surprised the first time I tried to login with pubkey in OS X Term and the OS presented a dialog for the pubkey password (not bash)...and it offers a checkbox for storing the local pubkey password in the keychain. Nice.
 
Old 10-07-2009, 06:01 PM   #17
nomb
Member
 
Registered: Jan 2006
Distribution: Debian Testing
Posts: 675

Rep: Reputation: 58
Awesome, well if you are using pubkeys and have password auth turned off then you shouldn't really see any failed password attemps because if they don't try to connect with a key it will just drop it.

nomb
 
Old 10-08-2009, 01:28 AM   #18
spaceageliving
Member
 
Registered: Aug 2007
Distribution: CentOS
Posts: 48

Original Poster
Rep: Reputation: 16
OK, so I have:

PermitRootLogin no
PasswordAuthentication no
#PubkeyAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
AllowUsers [my login name] <---my login, not root


I was also curious why the daemon is logging the way it is with these settings--I'm assuming it is showing the user name in the auth failure because the user name is being passed as a parameter, yes? So then the name isn't in the AllowUsers list and the daemon reports the "not listed in AllowUsers" entry...

Aside from some sort of url/parameter list overload or exploit to the daemon, with these settings, the cracker would need to know your private and public keys AND AllowUsers name to gain entry, correct? And given the two key sizes, aside from an act of the almighties, the chances of brute force are beyond the realm of possibility.
 
Old 10-08-2009, 09:02 AM   #19
nomb
Member
 
Registered: Jan 2006
Distribution: Debian Testing
Posts: 675

Rep: Reputation: 58
Quote:
Originally Posted by spaceageliving View Post
OK, so I have:

PermitRootLogin no
PasswordAuthentication no
#PubkeyAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
AllowUsers [my login name] <---my login, not root


I was also curious why the daemon is logging the way it is with these settings--I'm assuming it is showing the user name in the auth failure because the user name is being passed as a parameter, yes? So then the name isn't in the AllowUsers list and the daemon reports the "not listed in AllowUsers" entry...

Aside from some sort of url/parameter list overload or exploit to the daemon, with these settings, the cracker would need to know your private and public keys AND AllowUsers name to gain entry, correct? And given the two key sizes, aside from an act of the almighties, the chances of brute force are beyond the realm of possibility.
Unless an exploit is discovered in the handling of the public / private keys you are correct. But that is what privileged separation is suppose to help you with. There is also the possibility of a man-in-the-middle attack but someone would really have to want to be after you.

nomb
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
fail2ban questions - How to find banned IP addresses vonedaddy Linux - Security 3 01-11-2008 04:10 AM
2.6 Kernel Config Questions Duo Secundus Linux - Hardware 10 02-19-2006 12:15 AM
firewall config questions robhargreaves Linux - Security 2 05-30-2004 05:46 AM
2 Questions About Config inescapeableus Linux - Newbie 2 04-26-2004 01:09 PM
.config and kernel questions Machiaveli Slackware 5 01-22-2004 06:55 AM


All times are GMT -5. The time now is 06:40 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration