Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
10-07-2009, 06:19 PM
|
#16
|
Member
Registered: Aug 2007
Distribution: CentOS
Posts: 48
Original Poster
Rep:
|
nomb--thanks for the tips. I'm already rolling with pubkey auth only, and it is a big improvement. Will consider changing the port--it is an option since I'm the only one logging in remotely. OS X keychain is cool for pubkeys with passwords, btw...it even works for sftp clients--no fuss, no muss, just drops you right into the account. I was surprised the first time I tried to login with pubkey in OS X Term and the OS presented a dialog for the pubkey password (not bash)...and it offers a checkbox for storing the local pubkey password in the keychain. Nice.
|
|
|
10-07-2009, 07:01 PM
|
#17
|
Member
Registered: Jan 2006
Distribution: Debian Testing
Posts: 675
Rep:
|
Awesome, well if you are using pubkeys and have password auth turned off then you shouldn't really see any failed password attemps because if they don't try to connect with a key it will just drop it.
nomb
|
|
|
10-08-2009, 02:28 AM
|
#18
|
Member
Registered: Aug 2007
Distribution: CentOS
Posts: 48
Original Poster
Rep:
|
OK, so I have:
PermitRootLogin no
PasswordAuthentication no
#PubkeyAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
AllowUsers [my login name] <---my login, not root
I was also curious why the daemon is logging the way it is with these settings--I'm assuming it is showing the user name in the auth failure because the user name is being passed as a parameter, yes? So then the name isn't in the AllowUsers list and the daemon reports the "not listed in AllowUsers" entry...
Aside from some sort of url/parameter list overload or exploit to the daemon, with these settings, the cracker would need to know your private and public keys AND AllowUsers name to gain entry, correct? And given the two key sizes, aside from an act of the almighties, the chances of brute force are beyond the realm of possibility.
|
|
|
10-08-2009, 10:02 AM
|
#19
|
Member
Registered: Jan 2006
Distribution: Debian Testing
Posts: 675
Rep:
|
Quote:
Originally Posted by spaceageliving
OK, so I have:
PermitRootLogin no
PasswordAuthentication no
#PubkeyAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
AllowUsers [my login name] <---my login, not root
I was also curious why the daemon is logging the way it is with these settings--I'm assuming it is showing the user name in the auth failure because the user name is being passed as a parameter, yes? So then the name isn't in the AllowUsers list and the daemon reports the "not listed in AllowUsers" entry...
Aside from some sort of url/parameter list overload or exploit to the daemon, with these settings, the cracker would need to know your private and public keys AND AllowUsers name to gain entry, correct? And given the two key sizes, aside from an act of the almighties, the chances of brute force are beyond the realm of possibility.
|
Unless an exploit is discovered in the handling of the public / private keys you are correct. But that is what privileged separation is suppose to help you with. There is also the possibility of a man-in-the-middle attack but someone would really have to want to be after you.
nomb
|
|
|
All times are GMT -5. The time now is 09:23 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|