[CentOS] pop3 attack

John Hinton webmaster at ew3d.com
Wed Dec 10 16:48:10 UTC 2008 

Ned Slider wrote:
> Chris Boyd wrote:
>   
>> You can keep compromised accounts from logging in via ssh with the  
>> "AllowUsers" option in your /etc/ssh/sshd_config file.  Add that  
>> option followed by a list of user names that you want to be able to  
>> log in, ex:
>>
>> # Only let Fred Guru and Joe Admin in, block anyone
>> # else even if they have a valid password.
>> AllowUsers fred joe
>>
>> And you should also set "PermitRootLogin no" while you are in  
>> sshd_config.
>>
>> Be sure to do a "service sshd restart" after you change the file, and  
>> do a test login _before_ you log out of your current session.  Saves  
>> cursing and late night drives to remote servers in case sshd barfs  
>> somehow :-)
>>
>> --Chris
>>
>>     
>
> Nice tip - AllowUsers added to the Wiki page on securing SSH:
>
> http://wiki.centos.org/HowTos/Network/SecuringSSH
>
> Thanks!
>
> Ned
>
>   
I don't have many clients that actually need or use ssh. I control it 
via hosts.allow and hosts.deny

For instance.

cat hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!

sshd : ALL

cat hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#

sshd : 192.555.555. : allow
sshd : 192.555.55.555 : allow
sshd : localhost : allow

Of course the IP addresses have been changed to protect the......

In hosts.allow, the first line is an example of opening sshd to any IP 
address in that class C
The second line, an example to specific IP addresses
and the third to localhost (and I don't remember why I needed to add 
that but it was an internal program)

John Hinton

More information about the CentOS mailing list