
sshd and locked root account

 
Robert Olsson_1
Occasional Contributor


Hello everyone!
I have HPUX B.11.11 (Trusted system) with HP-UX Secure Shell (T1471AA from hpux.connect.org.uk) installed.
This node is connected to the Internet so people can connect with ssh to it.
And the root account is locked out all the time because of the script-kiddies; running the sshd on another port is not a solution...
Does anyone know how to solve this?
Thank you for your response and help :-)

Important info:
uname -sr: HP-UX B.11.11
sshd -v: OpenSSH_4.1, OpenSSL 0.9.7e 25 Oct 2004
HP-UX Secure Shell-A.04.00.000, HP-UX Secure Shell version
/opt/ssh/etc/sshd_config: PermitRootLogin no
/etc/securetty: console
Steven E. Protter
Exalted Contributor

Re: sshd and locked root account

I had the very same problem. Here was my final fix.

By default ssh listens on 0.0.0.0 as in all interfaces.

#ListenAddress 0.0.0.0
ListenAddress 192.168.0.70


By adding this entry I was able to make it stop listening on the public internet NIC.

/sbin/init.d/secsh stop
/sbin/init.d/secsh start

If you only have one interface and it's on the public Internet this solution will not work.

I did build a trigger program/daemon that stopped the script kiddies 95% of the time, but that wasn't good enough.

SEP
http://www.isnamerica.com/contactsep.shtml
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Bill Hassell
Honored Contributor

Re: sshd and locked root account

ssh is being attacked by a massively large number of script kiddies. This started in depth about a year ago. The absolute best solution is to NEVER allow root login from telnet *or* ssh. For telnet, create /etc/securetty and make it a zero-length file. For ssh, edit the sshd config files and set:

PermitRootLogin no

Then install and use sudo for all root activities. The sshd config prevents attempts to login as root from ever getting to a password request--thus, no failed login counts.


Bill Hassell, sysadmin
D Block 2
Respected Contributor

Re: sshd and locked root account

Yes, turn off root from coming via ssh, for we were being hacked too, and we limited the ssh client connections to only allow certain login accts (it's backwards, that is, we explained the NotAllow List in the sshd config file).
Golf is a Good Walk Spoiled, Mark Twain.
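
Added example, not part of any post in this thread: a POSIX shell audit of sshd_config text for the three settings the replies above suggest (PermitRootLogin no, a non-wildcard ListenAddress, an allow list of accounts). The sample configs are constructed, the account names alice and bob are placeholders, and using AllowUsers/AllowGroups for the allow list is an assumption about what the last reply means.

```shell
#!/bin/sh
# Added example: audit sshd_config text for the settings suggested in this thread.

# Print every value set for keyword $1 in config text $2, in file order.
# Keywords match case-insensitively; blank lines and '#' comments are skipped.
sshd_values() {
    printf '%s\n' "$2" | awk -v want="$1" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print }'
}

# Print one finding per line for config text $1, then a "warnings=N" summary.
audit_sshd_config() {
    warn=0
    # For a single-valued keyword sshd keeps the first value it reads.
    prl=$(sshd_values PermitRootLogin "$1" | head -n 1)
    if [ "$(printf '%s' "$prl" | tr 'A-Z' 'a-z')" = "no" ]; then
        echo "OK   PermitRootLogin no"
    else
        echo "WARN PermitRootLogin is '${prl:-unset}'"; warn=$((warn + 1))
    fi
    # No ListenAddress line, or a wildcard one, binds sshd to every interface.
    addrs=$(sshd_values ListenAddress "$1" | tr '\n' ' ')
    case " $addrs" in
        " " | *" 0.0.0.0 "* | *" 0.0.0.0:"* | *" :: "* | *" [::]:"*)
            echo "WARN sshd listens on all interfaces"; warn=$((warn + 1)) ;;
        *)  echo "OK   ListenAddress limited to: ${addrs% }" ;;
    esac
    # Without an allow list every account on the host is eligible for ssh login.
    allow=$( { sshd_values AllowUsers "$1"; sshd_values AllowGroups "$1"; } | tr '\n' ' ')
    if [ -z "$allow" ]; then
        echo "WARN no AllowUsers/AllowGroups list"; warn=$((warn + 1))
    else
        echo "OK   ssh logins limited to: ${allow% }"
    fi
    echo "warnings=$warn"
}

# Constructed samples: the original poster's single setting, then the thread's
# suggestions combined (192.168.0.70 is the address quoted in the first reply).
SAMPLE_BEFORE='PermitRootLogin no'
SAMPLE_AFTER='#ListenAddress 0.0.0.0
ListenAddress 192.168.0.70
PermitRootLogin no
AllowUsers alice bob'

audit_sshd_config "$SAMPLE_BEFORE"
audit_sshd_config "$SAMPLE_AFTER"
```

To check a live file, pass its contents, for example `audit_sshd_config "$(cat /opt/ssh/etc/sshd_config)"`.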
Robert Olsson_1
Occasional Contributor

Re: sshd and locked root account

I use a quick n dirty cronjob which unlocks root's account.
It is run every minute and checks if the account is locked or not.
And of course! root is not allowed to log in (but still he gets his account locked, so it's not really a security issue, but it is strange).

Thank you all for your help.
Robert