comp.security.ssh SSH secure remote login and tunneling tools.

A great answer to dictionary attacks on root

Réponse
 
LinkBack Outils de la discussion
Vieux 13/09/2006, 17h35   #1 (permalink)
Ignoramus7715
Aucun Avatar
 
Messages: n/a
Hébergeur:
Par défaut A great answer to dictionary attacks on root

I posted a message about disturbingly plentiful root logon dictionary
attacks that I saw in my logs.

The solution that works and I like the most is:

in /etc/ssh/sshd_config

PermitRootLogin without-password

That means that root logons are allowed ONLY with keys. No passworded
logins are allowed as root -- one MUST have a key.

I think that it is just what I need!

i

13/09/2006, 18h12   #2
Cezary Morga
Re: A great answer to dictionary attacks on root

Ignoramus7715 wrote:

> PermitRootLogin without-password
>
> That means that root logons are allowed ONLY with keys. No passworded
> logins are allowed as root -- one MUST have a key.


I'd say a
PermitRootLogin no
would be more secure. After all you can use su to gain root privileges.
--
---
Cezary Morga

13/09/2006, 18h28   #3
Ignoramus7715
Re: A great answer to dictionary attacks on root

On Wed, 13 Sep 2006 19:12:04 +0200, Cezary Morga <cezarym@data.pl> wrote:
> Ignoramus7715 wrote:
>
>> PermitRootLogin without-password
>>
>> That means that root logons are allowed ONLY with keys. No passworded
>> logins are allowed as root -- one MUST have a key.

>
> I'd say a PermitRootLogin no would be more secure. After all you can
> use su to gain root privileges.


I need to copy some things to that machine that need to be owned by
root, from cron jobs. I need that root logon.

I do not see how it would be more risky to permit keyed root logons,
as ssh keys cannot be guessed like passwords.

If an intruder gets sufficient privileges to get a hold of actual
keys, they would likely be able to find out su passwords, as well.

i

13/09/2006, 18h58   #4
Steven Mocking
Re: A great answer to dictionary attacks on root

Ignoramus7715 wrote:
> If an intruder gets sufficient privileges to get a hold of actual
> keys, they would likely be able to find out su passwords, as well.


This is not necessarily true if you keep the key on a medium which can
be physically stolen, like a USB pen. In any case it might be useful to
have two versions of the key. One is encrypted with a passphrase and you
can keep this on a less secure medium and the unencrypted key can be
used for automated backups from a secure medium.

Steven

13/09/2006, 19h09   #5
Ignoramus7715
Re: A great answer to dictionary attacks on root

On Wed, 13 Sep 2006 19:58:11 +0200, Steven Mocking <ufo@quicknet.youmightwanttogetridofthis.nl> wrote:
> Ignoramus7715 wrote:
>> If an intruder gets sufficient privileges to get a hold of actual
>> keys, they would likely be able to find out su passwords, as well.

>
> This is not necessarily true if you keep the key on a medium which can
> be physically stolen, like a USB pen.


I do not do that.

> In any case it might be useful to have two versions of the key. One
> is encrypted with a passphrase and you can keep this on a less
> secure medium and the unencrypted key can be used for automated
> backups from a secure medium.


That is true, but a little beside the point: the non-root accounts on
the server in question can be accessed with password. So if I was
somewhere without my root key, I could just log on as a regular user,
and then su to root.

i

13/09/2006, 20h56   #6
Cezary Morga
Re: A great answer to dictionary attacks on root

Ignoramus7715 wrote:

> I need to copy some things to that machine that need to be owned by
> root, from cron jobs. I need that root logon.


You've got the point.

> I do not see how it would be more risky to permit keyed root logons,
> as ssh keys cannot be guessed like passwords.


Cause I can imagine that some time someone will find a way to compromise the
key mechanism and break into the system, especially when you're using
passwordless keys for cron. So, for me, disallowing remote logons to the
root account always seems to be a bit more secure.

--
---
Cezary Morga
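
Added example, not part of the original thread or of OpenSSH: a Python audit of the PermitRootLogin setting debated above, showing which sections of an sshd_config still let root authenticate with a password. The function names and the sample config are constructed for illustration; the fallback default assumes a current OpenSSH release, and Include directives are not followed.

```python
# Added example: audit PermitRootLogin in sshd_config text.
DEFAULT = "prohibit-password"  # assumption: current OpenSSH default (older releases: "yes")
# Values under which sshd refuses password authentication for root.
NO_ROOT_PASSWORD = {"prohibit-password", "without-password",
                    "forced-commands-only", "no"}

def parse_root_login(config_text):
    """Return (global_value, [(match_criteria, value), ...]).

    sshd keeps the first value it reads for a keyword, keywords are
    case-insensitive, and lines after a Match line belong to that block.
    Include directives are not followed here.
    """
    global_value, overrides = None, []
    block, seen_in_block = None, False
    for raw in config_text.splitlines():
        # sshd accepts both "Keyword value" and "Keyword=value".
        tokens = raw.replace("=", " ", 1).split()
        if not tokens or tokens[0].startswith("#"):
            continue
        keyword = tokens[0].lower()
        if keyword == "match":
            block, seen_in_block = " ".join(tokens[1:]), False
        elif keyword == "permitrootlogin" and len(tokens) > 1:
            if block is None:
                if global_value is None:
                    global_value = tokens[1]
            elif not seen_in_block:
                overrides.append((block, tokens[1]))
                seen_in_block = True
    return global_value or DEFAULT, overrides

def root_password_exposed(config_text):
    """List the sections that still let root authenticate with a password."""
    global_value, overrides = parse_root_login(config_text)
    sections = [("global", global_value)] + overrides
    return [name for name, value in sections if value not in NO_ROOT_PASSWORD]

# Constructed sample: the thread's setting, plus a Match block that undoes it.
SAMPLE = """\
# constructed sshd_config fragment
PermitRootLogin without-password
permitrootlogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

if __name__ == "__main__":
    print(parse_root_login(SAMPLE))
    print(root_password_exposed(SAMPLE))
```

On the sample, the global `without-password` wins over the later duplicate line, but the Match block is reported because it re-enables password logins for root from that address range.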