[mythtv-users] ssh attack

Steve Adeff adeffs at gmail.com
Sat Dec 31 15:33:18 EST 2005


On Friday 30 December 2005 00:02, Robert Kulagowski wrote:
> >>This of course won't happen behind a properly configured firewall,
> >> correct?
> >>
> >>Darren Hart wrote:
> >>>I'm sure nobody here is dumb enough to do this, but since I was,
> >>>thought I'd pass the word.
> >>>
> >>>There is an ssh attack going around with a brute force login using
> >>>2187 different username/password pairs, one such pair happens to be:
> >>>
> >>>mythtv:mythtv
>
> If you need to use ssh from outside your firewall, you could do what
> I've done; get rid of a password-based logon altogether and use public
> / private keys.
>
> Since I use putty at work, it's what I'm familiar with.  In a Windows
> environment:
>
> 1) Download putty, puttygen and pageant from
> http://www.chiark.greenend.org.uk/~sgtatham/putty/
>
> 2) Run puttygen to generate a public / private keypair.
> 3) Take the public key portion (it's just text) and paste it into
> ~/.ssh/authorized_keys
> 4) Edit /etc/pam.d/ssh and look for the line:
> # Standard Un*x authentication.
> @include common-auth
>
> Put a "#" in front of @include common-auth so that it's:
> #@include common-auth
>
> This will restrict ssh from looking at /etc/passwd and /etc/shadow
> 5) Create a passphrase for the key that you just created.  Take the
> private key that puttygen created for you and save it.  You'll need it
> _every_ time you log in from that point on, even internally.  If you're
> using putty, you'll need to provide the filename in connection > ssh >
> auth when you're setting up your connection profile.
> 6) If you don't want to keep typing your passphrase every time, load the
> private key into pageant; you type it in once, and then if you use putty
> to log in, pageant will supply the passphrase automatically.

I've been meaning to give this method a try since I ssh from my laptop to my
two servers constantly. Hopefully your writeup will translate well to an
all-Linux environment.

thanks!
-- 
Steve
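
A check of the server-side state that steps 3 and 4 of the quoted write-up leave behind, for the all-Linux case; this is an added example, not part of either post. The function names, the test for a pasted multi-line "SSH2 PUBLIC KEY" block and the file-mode test are additions the posts do not mention.

```shell
#!/bin/sh
# Added example, not from the original post: audit the files from steps 3 and 4.
# Usage: sh audit.sh /etc/pam.d/ssh ~/.ssh/authorized_keys

# Step 4: succeeds only if no active "@include common-auth" line remains.
pam_common_auth_disabled() {
    [ -r "$1" ] || return 2
    ! grep -Eq '^[[:space:]]*@include[[:space:]]+common-auth([[:space:]]|$)' "$1"
}

# Step 3: prints how many one-line OpenSSH public keys the file holds.
count_openssh_keys() {
    grep -Ev '^[[:space:]]*#' "$1" 2>/dev/null |
        grep -Ec '(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))[[:space:]]+AAAA[A-Za-z0-9+/]+=*([[:space:]]|$)' || true
}

# Succeeds if a multi-line "SSH2 PUBLIC KEY" block was pasted instead of the
# one-line form; sshd cannot use that block in authorized_keys.
has_rfc4716_block() {
    grep -q -- '^---- BEGIN SSH2 PUBLIC KEY ----' "$1" 2>/dev/null
}

# Succeeds if group or others can write the file; OpenSSH's default
# StrictModes setting rejects such a file.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Prints one line per finding; returns 0 only when every check passes.
audit_key_only_login() {
    rc=0
    pam_common_auth_disabled "$1" ||
        { echo "FAIL: $1 missing or still includes common-auth"; rc=1; }
    [ "$(count_openssh_keys "$2")" -gt 0 ] ||
        { echo "FAIL: no usable public key in $2 (key login would not work)"; rc=1; }
    if has_rfc4716_block "$2"; then
        echo "FAIL: $2 holds an SSH2 PUBLIC KEY block; paste the one-line form"; rc=1
    fi
    if loosely_writable "$2"; then
        echo "FAIL: $2 is writable by group or others"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key-only login is set up as described"
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    audit_key_only_login "$1" "$2"
fi
```

Run it from an existing session before logging out, so that a missing or malformed key is caught while there is still a way back in.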

