On Dec 9, 2008, at 2:33 PM, Bill Campbell wrote: > Once the cracker finds an account with a guessable password, they > may well > be able to get access to your system as that user via ssh, webmin, > usermin, > or other means. Given shell access, the cracker can install user- > level IRC > servers or gain root access via exploits that only work for local > users. I > have seen cases where crackers were able to change user shells and > other > information via usermin or webmin by exploiting vulnerabilities in > system > utilities thus gaining access to the system. You can keep compromised accounts from logging in via ssh with the "AllowUsers" option in your /etc/ssh/sshd_config file. Add that option followed by a list of user names that you want to be able to log in, ex: # Only let Fred Guru and Joe Admin in, block anyone # else even if they have a valid password. AllowUsers fred joe And you should also set "PermitRootLogin no" while you are in sshd_config. Be sure to do a "service sshd restart" after you change the file, and do a test login _before_ you log out of your current session. Saves cursing and late night drives to remote servers in case sshd barfs somehow :-) --Chris