Index: [Article Count Order] [Thread]

Date:  Fri, 19 Oct 2007 17:15:48 -0400
From:  Brian <brian-list (at mark) comcast.net>
Subject:  [coba-e:10912] Re: ssh vulnerability question
To:  coba-e (at mark) bluequartz.org
Message-Id:  <6C755503-3AFF-4A11-9083-E573A9CC01C8 (at mark) comcast.net>
In-Reply-To:  <012a01c81283$0239b050$06ad10f0$@com>
References:  <bb9e5a970710161411o6659e0atd46dda2d838bad62 (at mark) mail.gmail.com> <bb9e5a970710171636g4a4e4564i72569ed2d8fe87db (at mark) mail.gmail.com> <091801c811b1$58c50690$6700a8c0 (at mark) OfficeKen> <200710190358.45769.bq (at mark) solarspeed.net> <0e1f01c8127e$11d91dc0$6700a8c0 (at mark) OfficeKen> <012a01c81283$0239b050$06ad10f0$ (at mark) com>
X-Mail-Count: 10912


On Oct 19, 2007, at 3:05 PM, TUNC ERESEN Skype: eresen wrote:

> Hello all
>  Could any one do a pkg? for this problem most of my attacks came  
> from this port and service..


You "should" have the version mentioned installed already as part of  
regular updating.

yum list | grep  ssh

as mentioned is one way to let you know what you have in place.

Mine setup is running the desired version, anyway, and I didn't  
install anything specially.

For keeping attacks on port 22 down, I put DenyHosts on to keep the  
pounding down a bit, and should put fail2Ban to watch the ftp.   
There's no reason to let those things just pummel away at your logins  
(I think) and sometimes user passwords get set to something guess-able.

To make sure I don't get some block I didn't mean, I put a time limit  
on the DenyHosts one; works well.

I run just a small setup for a limited # of users but this works for me.

Brian