Educause Security Discussion mailing list archives

Re: Remote Access to Staff Desktops

From: "Miller, Don C." <donm () UIDAHO EDU>
Date: Fri, 20 Feb 2009 09:45:47 -0800

We use DenyHosts on our public facing ssh hosts.  It is *very* simple to
setup and sends e-mail notices and denies access to the remote host when
an attack is detected.  It is old but good.

http://denyhosts.sourceforge.net/

Don Miller
University of Idaho

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dexter Caldwell
Sent: Friday, February 20, 2009 5:29 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Remote Access to Staff Desktops

I severely limit ssh access form off-campus, however, we have some
legacy
systems where access is historical or where we've granted it.  We
constantly get ssh brute force attacks on these servers.  The best thing
I've done to shut this down is use an ssh brute force signature on the
ips
to terminate these attemps.  It's been quite successful and users
haven't
noticed the change.

D/C
The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> writes:

On Wed, 18 Feb 2009 09:14:52 CST, Mark Monroe said:

We allow it only through VPN. For Users who say they need ssh open 
without vpn, they can have it open only if they implement technology

on

their box that will blacklist  any ip  address after  3 failed

attempts

and any ip address that  tries to use root. I have not opened any yet

outside systems run by core IT staff. I guess they didn't really need

it.

Or they really *did* need it, but they ran into troubles deploying your
requirements, gave up, and are now fulfilling their business need with
some cobbled-up scheme involving storing their data on some offsite

server

you have absolutely no administrative control over... ;)

(I've seen more than one "block any address that tries to use root" go
badly
astray when the sysadmin accidentally tried to ssh to the other box

from

an
'su' window on their local box, and then was of course unable to

connect

to the
remote box to fix the problem.  Of course, at that point, they were

*also*

unable to fix the *other* problem which was the reason they were

ssh'ing

to the
box in the first place. Anybody want to guess what happened to that

code

as soon as that sysadmin *was* able to login? ;)

Current thread:

Re: Remote Access to Staff Desktops, (continued)
- Re: Remote Access to Staff Desktops Emilio Valente (Feb 18)
- Re: Remote Access to Staff Desktops Hugh Burley (Feb 18)
- Re: Remote Access to Staff Desktops Anthony Maszeroski (Feb 18)
- Re: Remote Access to Staff Desktops Greg Francis (Feb 18)
- Re: Remote Access to Staff Desktops Stanclift, Michael (Feb 18)
- Re: Remote Access to Staff Desktops Valdis Kletnieks (Feb 19)
- Re: Remote Access to Staff Desktops Dexter Caldwell (Feb 20)
- Re: Remote Access to Staff Desktops Himes, Daniel (Feb 20)
- Re: Remote Access to Staff Desktops Hammond, Stanley (Feb 20)
- Re: Remote Access to Staff Desktops Scott Dier (Feb 20)
- Re: Remote Access to Staff Desktops Miller, Don C. (Feb 20)
- Re: Remote Access to Staff Desktops James R. Pardonek (Feb 20)
- Re: Remote Access to Staff Desktops Valdis Kletnieks (Feb 21)
- Re: Remote Access to Staff Desktops Dexter Caldwell (Feb 22)
- Re: Remote Access to Staff Desktops Avdagic, Indir (Feb 23)
- Re: Remote Access to Staff Desktops Hugh Burley (Feb 25)