Use strong passwords

Passwords that are random enough to resist dictionary attacks are quite difficult to create, and even harder to remember. Personally, I think writing down your password, while suboptimal, is far superior to using a weak password. Bruce Schneier recommends that you write down your password.

Personally, I think that even if you leave the (strong) password on a post-it on your monitor (please don't do that), it's still safer than using a weak password. Nobody in China can see the post-it, but anyone in the world can try passwords against your server.

The possibility of a dictionary attack is not an idle threat; see below for evidence from my servers.

This is just a small snippet of a logfile from my mailserver:
Feb  3 09:39:14 luke sshd[4004]: input_userauth_request: invalid user tester
Feb  3 09:39:14 luke sshd[4002]: pam_unix(sshd:auth): check pass; user unknown
Feb  3 09:39:14 luke sshd[4002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=raq121.servercity.co.uk
Feb  3 09:39:16 luke sshd[4003]: Failed password for invalid user admin from 217.205.136.63 port 35143 ssh2
Feb  3 09:39:16 luke sshd[4002]: Failed password for invalid user tester from 217.205.136.63 port 35142 ssh2
Feb  3 09:39:17 luke sshd[4005]: Received disconnect from 217.205.136.63: 11: Bye Bye
Feb  3 09:39:17 luke sshd[4004]: Received disconnect from 217.205.136.63: 11: Bye Bye
Feb  3 09:39:18 luke sshd[4007]: Invalid user tester from 217.205.136.63
Feb  3 09:39:18 luke sshd[4008]: input_userauth_request: invalid user tester
Feb  3 09:39:18 luke sshd[4007]: pam_unix(sshd:auth): check pass; user unknown
Feb  3 09:39:18 luke sshd[4007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=raq121.servercity.co.uk
Feb  3 09:39:18 luke sshd[4006]: Invalid user admin from 217.205.136.63
Feb  3 09:39:18 luke sshd[4009]: input_userauth_request: invalid user admin
And the line count of that same file, which was rotated only several days ago:
[lsc@luke ~]$ sudo wc -l /var/log/secure 
261677 /var/log/secure

Divide that by 4 or 5 to get the number of attempted logins... but that's still a lot. I've checked a few other public servers I have access to, and this is not unusual. Use Strong Passwords.
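To turn a log like the one above into real numbers rather than a raw `wc -l`, here is an added example (my own code, not from the original post) that parses sshd lines, counts genuine failed attempts per source address, lists the usernames each source tried, and works out how many log lines each failure generates, which is the divisor the post estimates as "4 or 5". The sample input is constructed from the lines quoted above, and the threshold passed to `flag_sources` is an assumed value.

```python
import re
from collections import Counter, defaultdict

# Sample input constructed from the sshd lines quoted in the post above
# (one source address, two guessed usernames); any /var/log/secure text works.
SAMPLE_LOG = """\
Feb  3 09:39:14 luke sshd[4004]: input_userauth_request: invalid user tester
Feb  3 09:39:14 luke sshd[4002]: pam_unix(sshd:auth): check pass; user unknown
Feb  3 09:39:14 luke sshd[4002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=raq121.servercity.co.uk
Feb  3 09:39:16 luke sshd[4003]: Failed password for invalid user admin from 217.205.136.63 port 35143 ssh2
Feb  3 09:39:16 luke sshd[4002]: Failed password for invalid user tester from 217.205.136.63 port 35142 ssh2
Feb  3 09:39:17 luke sshd[4005]: Received disconnect from 217.205.136.63: 11: Bye Bye
Feb  3 09:39:17 luke sshd[4004]: Received disconnect from 217.205.136.63: 11: Bye Bye
Feb  3 09:39:18 luke sshd[4007]: Invalid user tester from 217.205.136.63
Feb  3 09:39:18 luke sshd[4008]: input_userauth_request: invalid user tester
Feb  3 09:39:18 luke sshd[4007]: pam_unix(sshd:auth): check pass; user unknown
Feb  3 09:39:18 luke sshd[4007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=raq121.servercity.co.uk
Feb  3 09:39:18 luke sshd[4006]: Invalid user admin from 217.205.136.63
Feb  3 09:39:18 luke sshd[4009]: input_userauth_request: invalid user admin
"""

# sshd writes one "Failed password" line per rejected attempt; the pam_unix,
# input_userauth_request and disconnect lines are bookkeeping around it.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)
# "Invalid user" lines name accounts that do not exist on the host at all.
INVALID_RE = re.compile(r"sshd\[\d+\]: Invalid user (?P<user>\S+) from (?P<src>\S+)")


def summarize(log_text):
    """Count real authentication failures per source and collect the usernames
    each source tried, alongside the raw line count."""
    failures = Counter()
    usernames = defaultdict(set)
    total = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        total += 1
        m = FAILED_RE.search(line) or INVALID_RE.search(line)
        if m is None:
            continue
        usernames[m["src"]].add(m["user"])
        if m.re is FAILED_RE:
            failures[m["src"]] += 1
    return {
        "total_lines": total,
        "failures": dict(failures),
        "usernames": {src: sorted(users) for src, users in usernames.items()},
    }


def lines_per_failure(summary):
    """Log lines written per failed attempt: the divisor the post estimates
    as '4 or 5' for its own /var/log/secure. None when nothing failed."""
    attempts = sum(summary["failures"].values())
    return round(summary["total_lines"] / attempts, 1) if attempts else None


def flag_sources(summary, threshold):
    """Sources with at least `threshold` failures (assumed cutoff): a guessing
    campaign rather than someone mistyping their own password."""
    return sorted(src for src, n in summary["failures"].items() if n >= threshold)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['total_lines']} lines, {sum(s['failures'].values())} failed attempts "
          f"({lines_per_failure(s)} lines per attempt)")
    for src in flag_sources(s, threshold=2):
        print(f"{src}: {s['failures'][src]} failures, tried {s['usernames'][src]}")
```

Run it against a real file with `summarize(open("/var/log/secure").read())`; the per-source username lists are what separate a scripted dictionary run (many account names from one address in seconds) from a forgetful legitimate user.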

1 Comment

Along these lines...
For private email and IMAP access to it, I installed postfix and dovecot.

It turned out that the way I configured this (which was as close to out-of-the-box as I could get it), root was able to relay mail through my system with smtps, even though root can NOT ssh in, and some spammer eventually figured this out with a dictionary attack.

I think the default prgmr.com root password made this real easy.

For anyone who tries this, I suggest adding a file of allowed smtps users and having PAM restrict dovecot to these by adding this to the end of /etc/pam.d/dovecot:

auth required pam_listfile.so \
onerr=succeed item=user sense=allow file=/etc/dovecot/access.allow
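The pam_listfile line above only restricts access while the allow file is usable: the module refuses a file that is not a regular file owned by root or that is world-writable, and with `onerr=succeed` that refusal is reported as success for every user, so a broken or missing file silently removes the restriction (`onerr=fail` makes the same situation deny everyone instead). This added example (my own code, not from the comment or from prgmr.com) performs those same checks on an allow list ahead of time and validates its entries. `expected_uid` is a parameter only so the self-test in `demo()` can run on files owned by a non-root user; pam_listfile itself always requires root ownership, and the file contents in `demo()` are constructed.

```python
import os
import re
import stat
import tempfile

# Portable POSIX username: lowercase letter or underscore, then letters,
# digits, underscore or hyphen. Anything else in the list is a typo or junk.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")


def check_allowfile(path, expected_uid=0):
    """Return a list of problems with an item=user allow list; an empty list
    means pam_listfile will read it and it contains only plausible usernames.
    The ownership, file-type and world-writable checks mirror the ones
    pam_listfile applies before it opens the file."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != expected_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    if problems:
        # pam_listfile would not open the file at all, so content is moot.
        return problems
    with open(path) as fh:
        entries = [line.rstrip("\n") for line in fh]
    if not entries:
        problems.append("empty list: with sense=allow nobody can authenticate")
    for n, entry in enumerate(entries, 1):
        if not USERNAME_RE.match(entry):
            problems.append(f"line {n}: malformed username {entry!r}")
    return problems


def demo():
    """Build constructed allow lists in a temp dir and check each of them."""
    d = tempfile.mkdtemp()
    me = os.getuid()  # stand-in for root so the demo works unprivileged

    good = os.path.join(d, "access.allow")
    with open(good, "w") as fh:
        fh.write("alice\nbob\n")
    os.chmod(good, 0o644)

    loose = os.path.join(d, "access.loose")  # correct content, unsafe mode
    with open(loose, "w") as fh:
        fh.write("alice\n")
    os.chmod(loose, 0o666)

    bad = os.path.join(d, "access.bad")  # safe mode, one malformed entry
    with open(bad, "w") as fh:
        fh.write("alice\nbad user\n")
    os.chmod(bad, 0o644)

    return {
        "good": check_allowfile(good, expected_uid=me),
        "loose": check_allowfile(loose, expected_uid=me),
        "bad": check_allowfile(bad, expected_uid=me),
        "missing": check_allowfile(os.path.join(d, "nope"), expected_uid=me),
    }


if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name}: {'ok' if not problems else '; '.join(problems)}")
```

On a live system call `check_allowfile("/etc/dovecot/access.allow")` with the default `expected_uid=0` from a cron job or a config-deploy step; a non-empty result means the PAM line is currently either rejecting everyone (empty list) or, with `onerr=succeed`, restricting no one.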
