10-15-2007
Probably the simplest way is not to block individual IPs but to switch SSH to a higher and obscure port number, switch to an exclusive public key authentication model, and only allow explicit blocks of IPs to access if possible. Blocking IPs is usually futile because these IPs most often do not represent the real cracker's IP. They just crack into many vulnerable systems and use those as shields to break into others' systems, one time only, so the list is essentially infinite, and you will see new IPs emerge every day. They have many of these victim hosts at their disposal, so if you block one they simply switch to another.
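Added example, not part of the original post: a small Python check that reads sshd_config text and reports which of the three measures above (non-default port, key-only authentication, source-address restriction) are missing. It assumes the address restriction is expressed with sshd's AllowUsers user@host patterns rather than at a firewall; the sample configurations, user names and addresses are constructed.

```python
# Added example (not from the thread): audit sshd_config text for the post's measures.
MULTI = {"port", "allowusers"}  # keywords that accumulate across lines
ALIAS = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
def parse_global(text):
    """Return {keyword: [args]} for the global (pre-Match) section."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.replace("=", " ", 1).strip()  # "Keyword=value" is also valid
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key, args = ALIAS.get(parts[0].lower(), parts[0].lower()), parts[1:]
        if key == "match":
            break  # conditional overrides are out of scope for this check
        if key in MULTI:
            cfg.setdefault(key, []).extend(args)
        else:
            cfg.setdefault(key, args)  # sshd keeps the first value it reads
    return cfg

def audit(text):
    """Return findings; an empty list means all three measures are in place."""
    cfg = parse_global(text)
    first = lambda key, default: (cfg.get(key) or [default])[0].lower()
    findings = []
    if "22" in cfg.get("port", ["22"]):
        findings.append("port: sshd still listens on the default port 22")
    if first("pubkeyauthentication", "yes") != "yes":
        findings.append("auth: public key authentication is disabled")
    if first("passwordauthentication", "yes") != "no":
        findings.append("auth: password logins are still accepted")
    if first("kbdinteractiveauthentication", "yes") != "no":
        findings.append("auth: keyboard-interactive logins are still accepted")
    users = cfg.get("allowusers", [])
    if not users or any("@" not in u for u in users):
        findings.append("source: AllowUsers does not pin every user to a host/CIDR")
    return findings

# Constructed sample configurations; user names and addresses are placeholders.
WEAK = "Port 22\nPasswordAuthentication yes\n"
HARDENED = """\
Port 48222
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
AllowUsers alice@192.0.2.0/24 bob@198.51.100.7
"""
if __name__ == "__main__":
    print("WEAK:", audit(WEAK), "HARDENED:", audit(HARDENED) or "ok")
```

Because sshd uses the first value it reads for most keywords, a weak setting placed earlier in the file overrides a hardened one further down, which the check reproduces.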
sss_ssh_authorizedkeys
SSS_SSH_AUTHORIZEDKE(1) SSSD Manual pages SSS_SSH_AUTHORIZEDKE(1)
NAME
sss_ssh_authorizedkeys - get OpenSSH authorized keys
SYNOPSIS
sss_ssh_authorizedkeys [options] USER
DESCRIPTION
sss_ssh_authorizedkeys acquires SSH public keys for user USER and outputs them in OpenSSH authorized_keys format (see the "AUTHORIZED_KEYS FILE FORMAT" section of sshd(8) for more information).
sshd(8) can be configured to use sss_ssh_authorizedkeys for public key user authentication if it is compiled with support for either "AuthorizedKeysCommand" or "PubkeyAgent" sshd_config(5) options.
If "AuthorizedKeysCommand" is supported, sshd(8) can be configured to use it by putting the following directive in sshd_config(5):
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
If "PubkeyAgent" is supported, sshd(8) can be configured to use it by using the following directive for sshd(8) configuration:
PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u
OPTIONS
-d,--domain DOMAIN
Search for user public keys in SSSD domain DOMAIN.
-?,--help
Display help message and exit.
EXIT STATUS
In case of success, an exit value of 0 is returned. Otherwise, 1 is returned.
SEE ALSO
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5), sss_cache(8), sss_debuglevel(8), sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), pam_sss(8).
AUTHORS
The SSSD upstream - http://fedorahosted.org/sssd
SSSD
06/17/2014 SSS_SSH_AUTHORIZEDKE(1)