de-peering for security sake
Mike Hammett
nanog at ics-il.net
Sat Dec 26 22:42:53 UTC 2015
Different network types will have different abilities to enforce this.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest Internet Exchange
http://www.midwest-ix.com
----- Original Message -----
From: "Jared Mauch" <jared at puck.nether.net>
To: "Joe Abley" <jabley at hopcount.ca>
Cc: nanog at nanog.org
Sent: Saturday, December 26, 2015 3:21:03 PM
Subject: Re: de-peering for security sake
> On Dec 26, 2015, at 11:14 AM, Joe Abley <jabley at hopcount.ca> wrote:
>
> With respect to ssh scans in particular -- disable all forms of
> password authentication and insist upon public key authentication
> instead. If the password scan log lines still upset you, stop logging
> them.
Or, if you can’t get users to use keys (aside from removing the users), consider things like:

example /etc/ssh/sshd_config

    Match User root
        PasswordAuthentication no

for users that should not be permitted to fall back to password authentication.
- Jared
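
One way to audit which accounts a `Match User` override like the one quoted above actually covers, as an added example that is not part of the original thread. The sample config and the function names are constructed for illustration; only `Match User` and `Match All` are evaluated, and `Include` files are not followed.

```python
import re

# Constructed sample config (not from the thread): passwords allowed globally,
# denied for root and for any account named admin-*.
SAMPLE = """\
PasswordAuthentication yes
Match User root,admin-*
    PasswordAuthentication no
Match All
    PasswordAuthentication yes
"""

def user_matches(user, pattern_list):
    """ssh_config(5) PATTERNS: comma list, * and ? wildcards, ! negates."""
    hit = False
    for pat in pattern_list.split(","):
        negated, pat = pat.startswith("!"), pat.lstrip("!")
        rx = re.escape(pat).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, user):
            if negated:
                return False      # a negated match always vetoes the list
            hit = True
    return hit

def password_auth_allowed(config_text, user):
    """Effective PasswordAuthentication for `user`; sshd's default is yes."""
    global_val = match_val = None
    in_match = active = False
    for raw in config_text.splitlines():
        words = raw.strip().replace("=", " ", 1).split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]
        if key == "match":
            in_match = True
            crit = [a.lower() for a in args[0::2]]
            if crit == ["all"]:
                active = True
            elif crit == ["user"] and len(args) == 2:
                active = user_matches(user, args[1])
            else:                 # Group, Address, Host... need live connection data
                raise ValueError("unsupported Match criteria: " + " ".join(args))
        elif key == "passwordauthentication":
            # first value obtained wins, separately for global and Match scope
            if not in_match and global_val is None:
                global_val = args[0]
            elif in_match and active and match_val is None:
                match_val = args[0]
    # a value set in a matching Match block overrides the global one
    return (match_val or global_val or "yes") == "yes"
```

In the sample, the later `Match All` block does not re-enable passwords for root, because the first matching block's value is kept. On a live host, sshd's extended test mode (`-T` with `-C user=...`) reports the effective settings.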