[186641] in North American Network Operators' Group

Re: de-peering for security sake

daemon@ATHENA.MIT.EDU (Jared Mauch)
Sat Dec 26 16:21:07 2015

X-Original-To: nanog@nanog.org
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <-1680641458761921693@unknownmsgid>
Date: Sat, 26 Dec 2015 16:21:03 -0500
To: Joe Abley <jabley@hopcount.ca>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org


> On Dec 26, 2015, at 11:14 AM, Joe Abley <jabley@hopcount.ca> wrote:
>
> With respect to ssh scans in particular -- disable all forms of
> password authentication and insist upon public key authentication
> instead. If the password scan log lines still upset you, stop logging
> them.

Or if you can’t get users to use keys (aside from remove the users)
consider things like:

example /etc/ssh/sshd_config
Match User root
	PasswordAuthentication no

for users that should not be permitted to fall-back to password
authentication.

- Jared
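
Added example, not part of the original message: a small Python checker that resolves the effective PasswordAuthentication value for a given user from sshd_config text, so a per-user Match block like the one above can be verified before deployment. It is a simplified model (only `Match User` and `Match all` are handled; the function names and sample configs are constructed for illustration); on a real host, `sshd -T -C user=NAME` prints the settings sshd itself would apply.

```python
import re

def user_matches(user, pattern_list):
    """sshd-style pattern list: comma-separated, '*'/'?' wildcards, '!' negates."""
    hit = False
    for pat in pattern_list.split(","):
        negated = pat.startswith("!")
        body = pat[1:] if negated else pat
        rx = re.escape(body).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, user):
            if negated:
                return False  # a negated hit vetoes the whole list
            hit = True
    return hit

def password_auth(config_text, user):
    """Effective PasswordAuthentication for `user` under a simplified model:
    only 'Match User <list>' and 'Match all' criteria are understood."""
    global_val = match_val = None
    in_match = active = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            crit = arg.split()
            in_match = True  # a Match block runs until the next Match or EOF
            if [c.lower() for c in crit] == ["all"]:
                active = True
            elif len(crit) == 2 and crit[0].lower() == "user":
                active = user_matches(user, crit[1])
            else:
                raise ValueError("unsupported Match criteria: " + arg)
        elif keyword == "passwordauthentication":
            if not in_match:
                global_val = global_val or arg.lower()  # first global value wins
            elif active:
                match_val = match_val or arg.lower()    # first matching value wins
    return match_val or global_val or "yes"             # sshd default is yes

# Constructed sample configs (not from the original message).
PER_USER = "PasswordAuthentication yes\nMatch User root,adm*\n\tPasswordAuthentication no\n"
# Pitfall: a "global" line placed after a Match block belongs to that block.
MISPLACED = "Match User backup\n\tPasswordAuthentication yes\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for cfg, name in ((PER_USER, "root"), (PER_USER, "alice"), (MISPLACED, "alice")):
        print(name, password_auth(cfg, name))
```

In the MISPLACED sample the trailing `PasswordAuthentication no` never becomes a global setting, so every user other than `backup` keeps the default and can still fall back to passwords.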


