[186642] in North American Network Operators' Group
Re: de-peering for security sake
daemon@ATHENA.MIT.EDU (Mike Hammett)
Sat Dec 26 17:43:08 2015
X-Original-To: nanog@nanog.org
Date: Sat, 26 Dec 2015 16:42:53 -0600 (CST)
From: Mike Hammett <nanog@ics-il.net>
Cc: nanog@nanog.org
In-Reply-To: <BC2C9DEA-5089-4C43-A39C-DC9B0D8BA45B@puck.nether.net>
Errors-To: nanog-bounces@nanog.org
Different network types will have different abilities to enforce this.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest Internet Exchange
http://www.midwest-ix.com
----- Original Message -----
From: "Jared Mauch" <jared@puck.nether.net>
To: "Joe Abley" <jabley@hopcount.ca>
Cc: nanog@nanog.org
Sent: Saturday, December 26, 2015 3:21:03 PM
Subject: Re: de-peering for security sake

> On Dec 26, 2015, at 11:14 AM, Joe Abley <jabley@hopcount.ca> wrote:
>
> With respect to ssh scans in particular -- disable all forms of
> password authentication and insist upon public key authentication
> instead. If the password scan log lines still upset you, stop logging
> them.

Or if you can’t get users to use keys (aside from remove the users)
consider things like:

example /etc/ssh/sshd_config

    Match User root
        PasswordAuthentication no

for users that should not be permitted to fall-back to password authentication.

- Jared
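
Added example, not part of the original thread: a simplified audit of which password-capable methods remain enabled for a given user once Match blocks like the one above are applied. It models only "Match User" and "Match All", assumes upstream sshd defaults, and uses a constructed sample config; it is not OpenSSH's own parser.

```python
import fnmatch

# Constructed sample: the Match block from the message, placed after a
# global section that still allows passwords.
SAMPLE_CONFIG = """\
PasswordAuthentication yes
Match User root
    PasswordAuthentication no
"""

# Upstream sshd defaults (assumed; distro-shipped configs may differ).
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Older keyword name for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def user_matches(criteria, user):
    """Evaluate a Match line; only 'All' and 'User <patterns>' are modelled."""
    if [c.lower() for c in criteria] == ["all"]:
        return True
    if len(criteria) != 2 or criteria[0].lower() != "user":
        return False  # Group/Host/Address criteria are out of scope here
    matched = False
    for pat in criteria[1].split(","):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(user, pat[1:]):
                return False  # a negated hit vetoes the whole list
        elif fnmatch.fnmatchcase(user, pat):
            matched = True
    return matched

def effective_auth(config_text, user):
    """Settings applied to `user`: defaults < global section < Match blocks."""
    global_vals, match_vals = {}, {}
    target, active = global_vals, True
    for raw in config_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        key, args = fields[0].lower(), fields[1:]
        if key == "match":
            target, active = match_vals, user_matches(args, user)
            continue
        key = ALIASES.get(key, key)
        if active and key in DEFAULTS and args:
            target.setdefault(key, args[0].lower())  # first value obtained wins
    return {**DEFAULTS, **global_vals, **match_vals}

def password_capable(config_text, user):
    """Methods that can still accept a typed password for `user`."""
    return sorted(k for k, v in effective_auth(config_text, user).items() if v == "yes")
```

On the sample, root is still reported for keyboard-interactive, which (typically through PAM) can prompt for a password unless it is disabled as well. On a live host, `sshd -T -C user=root` prints the effective settings from sshd itself.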