SSH hacked?
Mark Haney
mhaney at ercbroadband.org
Thu Jan 15 13:21:48 UTC 2009
Res wrote:
>>>
>> I fail to see how that's incorrect, then? I occasionally see attempts
>> to break in with root, but not that often. That wasn't really my point.
>> The point is that not allowing ANY privileged account login access via
>> any method effectively makes breaking in with them impossible. This is
>
> Breaking in with them perhaps, but what if they get in under a user, a
> user that happens to be auth'd to su/sudo/whatever, never be complacent
> about possible threats.
Of course, I do not dispute that. I'm talking about limiting the number
of possible attack vectors. Hacking root gives a hacker full rights.
Exploiting a user account still means the hacker has to find a way to get
root privileges. Granted, if that user has sudo rights, that's just as
bad, but not every user account has that right, so it's not a guarantee.
>
>> something we learned a LONG time ago. Blocking everything and opening
>> what you need is much easier than having it wide open and then trying to
>> close the barn door.
>
> Absolutely which is why all but 2 servers have ssh denied on border and
> core routers allowing only those of us who have that right to gain entry
> from home etc (there is a reason those 2 allow public access, and
> naturally their root passwords, although identical, are nothing like the
> main network root passes)
>
--
Frustra laborant quotquot se calculationibus fatigant pro inventione
quadraturae circuli
Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415
Call (866) ERC-7110 for after hours support