Chris on 26 Apr 2005 15:38:49 -0000


RE: [PLUG] Increase in SSH break-in attempts?

Assuming you are using sudo to alleviate having to give out the root
password I suppose you would be more susceptible to an attack if the
attacker knows a login that is configured in /etc/sudoers. I think that is a
lot to assume the attacker knows but I suppose it does open you up a bit
more than just using su.

At least as far as I know, anyone want to elaborate or drop some knowledge
on us? I am always up for learning something new.

-----Original Message-----
[] On Behalf Of Art Alexion
Sent: Tuesday, April 26, 2005 11:28 AM
To: Philadelphia Linux User's Group Discussion List
Subject: Re: [PLUG] Increase in SSH break-in attempts?

I have a system that uses 'sudo <command>' instead of 'su', though I
have created a real root account in addition.  Does this create a
greater risk for root break-ins?

Chris wrote:

>I always thought this was rather common. When I check our logs I see 30 or
>40 attempts within a minute trying random usernames about once or twice a
>day. So far I have chalked it up to script kiddies or some other vain
>attempt to find an easy way inside. I was surprised to learn our webhost
>(Verio) just recently is disabling remote root login over SSH. Thankfully
>we already standardized disabling our root logins but I would hate to think of
>all those people who didn't AND have easily cracked usernames/passwords.
>-----Original Message-----
>[] On Behalf Of Mike Leone
>Sent: Tuesday, April 26, 2005 10:11 AM
>Subject: [PLUG] Increase in SSH break-in attempts?
>Anybody else noticing an increase lately, in the number of break-in
>via SSH? I'm seeing more and more things like this, over the last few


Art Alexion
Arthur S. Alexion LLC
arthur [at] alexion [dot] com
aim: aalexion
sms: 2679725536 [at] messaging [dot] sprintpcs [dot] com

PGP fingerprint: 52A4 B10C AA73 096F A661  92D2 3B65 8EAC ACC5 BA7A
The attachment -- signature.asc -- is my electronic signature; no need for
Info @

Key for signed PDFs available at
The validation string is TTJY-ZILJ-BJJG.
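
The pattern described in the quoted message above (30 or 40 failed logins within a minute against random usernames) can be picked out of an sshd log mechanically. The following Python is an added example, not part of the thread: the log lines are constructed, and the function names, the 5-failure threshold and the assumed year are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the usual sshd syslog format (not from the thread).
SAMPLE_LOG = """\
Apr 26 10:02:01 host sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Apr 26 10:02:03 host sshd[4103]: Failed password for invalid user test from 192.0.2.10 port 40125 ssh2
Apr 26 10:02:05 host sshd[4105]: Failed password for invalid user guest from 192.0.2.10 port 40127 ssh2
Apr 26 10:02:08 host sshd[4107]: Failed password for root from 192.0.2.10 port 40130 ssh2
Apr 26 10:02:10 host sshd[4109]: Failed password for invalid user oracle from 192.0.2.10 port 40133 ssh2
Apr 26 10:02:12 host sshd[4111]: Failed password for illegal user webmaster from 192.0.2.10 port 40136 ssh2
Apr 26 10:15:40 host sshd[4200]: Failed password for alice from 198.51.100.7 port 51515 ssh2
Apr 26 10:15:52 host sshd[4201]: Accepted password for alice from 198.51.100.7 port 51516 ssh2
Apr 26 10:40:00 host sshd[4300]: Failed password for alice from 198.51.100.7 port 51700 ssh2
"""

# Older OpenSSH releases log "illegal user", newer ones "invalid user".
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:invalid|illegal) user )?(\S+) from (\S+) port \d+")

def parse_failures(text, year=2005):
    """Yield (timestamp, username, source_ip); syslog omits the year, so one is assumed."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def find_bursts(text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: (max failures in one window, distinct usernames)} for noisy sources."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start, best = 0, 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = (best, len({u for _, u in events}))
    return flagged

if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG))
```

The source that mistypes one password twice in half an hour stays below the threshold, while the source cycling through usernames within seconds is reported with its attempt and username counts.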

Philadelphia Linux Users Group         --