Comments on: Wild Wild West http://www.simonbuckle.com/2005/09/29/wild-wild-west/ Random thoughts for random people Tue, 03 Jan 2012 16:29:00 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Miles Barr http://www.simonbuckle.com/2005/09/29/wild-wild-west/comment-page-1/#comment-21 Miles Barr Fri, 30 Sep 2005 09:24:21 +0000 http://www.simonbuckle.com/?p=53#comment-21 These sort of attacks are normally just script kiddies. They just iterate through IP addresses until they find one with port 22 open. The ones I've seen normally go for 'admin', 'root' or 'test' user names. After my initial worry I realised they weren't going to crack my box. But visting a few Linux forums it's amazing how many people have an account 'test' on their machine without a password and ssh installed. I think having root ssh access disabled and a sufficiently long password for your other account is enough. If you're paranoid you could disable password access and require keys, but then you can't login from any machine. These sort of attacks are normally just script kiddies. They just iterate through IP addresses until they find one with port 22 open. The ones I’ve seen normally go for ‘admin’, ‘root’ or ‘test’ user names. After my initial worry I realised they weren’t going to crack my box. But visting a few Linux forums it’s amazing how many people have an account ‘test’ on their machine without a password and ssh installed.

I think having root ssh access disabled and a sufficiently long password for your other account is enough. If you’re paranoid you could disable password access and require keys, but then you can’t login from any machine.

]]>