Educause Security Discussion mailing list archives
Re: SSH dictionary attack dictionary
From: Patrick P Murphy <pmurphy () NRAO EDU>
Date: Mon, 10 Aug 2009 22:37:43 -0400
On Mon, 10 Aug 2009 15:57:49 -0700, Andrew Daviel <advax () TRIUMF CA> said:
Ever wondered what passwords those annoying SSH dictionary attacks were trying? At some point I modified sshd to collect failed passwords.
Interesting. I've had chances to look at some similar logs here from time to time, and I've noticed some similar results.
I used to think these attempts were harmless given the throttling used by sshd, until we had a test server hit that was using "qazwsxedc".
Ouch (for being hacked and for having a drag-fingers-across-keyboard password). We've all taken shortcuts at times with test servers though.
Suggested mitigations include moving SSH off of port 22, dynamic blocking of guessing hosts (our approach), disabling password logins for root (but allowing keys), tunnelling everything through VPNs etc. etc.
You didn't mention DenyHosts: http://denyhosts.sourceforge.net/ but it essentially fits the bill of your second suggestion. I've used it on a couple of servers here with good results. It catches an attempt or two almost daily.

- Pat
--
Patrick P. Murphy, Ph.D. Webmaster (East), Computing Security Manager
http://www.nrao.edu/~pmurphy/ http://chien-noir.com/maze.shtml
"Inventions then cannot, in nature, be a subject of property."
-- Thomas Jefferson, August 13, 1813
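
The dynamic-blocking idea discussed in this message, sketched as an added example that is not part of the original post and is not DenyHosts' own code: it counts sshd "Failed password" lines per source address inside a sliding time window. The log lines, the threshold, the window, the assumed year and the function name `hosts_to_block` are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the syslog format written by OpenSSH's sshd.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Aug 10 22:01:03 gw sshd[411]: Failed password for root from 203.0.113.5 port 51022 ssh2
Aug 10 22:01:05 gw sshd[411]: Failed password for invalid user test from 203.0.113.5 port 51022 ssh2
Aug 10 22:01:09 gw sshd[413]: Failed password for invalid user admin from 203.0.113.5 port 51040 ssh2
Aug 10 22:03:30 gw sshd[420]: Failed password for alice from 198.51.100.7 port 40100 ssh2
Aug 10 22:03:41 gw sshd[420]: Accepted password for alice from 198.51.100.7 port 40100 ssh2
Aug 10 22:20:00 gw sshd[431]: Failed password for root from 192.0.2.9 port 33000 ssh2
Aug 10 22:45:00 gw sshd[440]: Failed password for root from 192.0.2.9 port 33010 ssh2
Aug 10 23:10:00 gw sshd[452]: Failed password for root from 192.0.2.9 port 33020 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def hosts_to_block(log_text, threshold=3, window=timedelta(minutes=10), year=2009):
    """Return {ip: usernames tried} for hosts with `threshold` failures inside `window`."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(list)     # ip -> every username that host has tried so far
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so one is assumed (hypothetical default).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        users[ip].append(m["user"])
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop failures that have aged out
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = list(users[ip])
    return flagged

if __name__ == "__main__":
    for ip, tried in hosts_to_block(SAMPLE_LOG).items():
        print(ip, tried)
```

With the default ten-minute window the third sample host is not flagged, because its guesses arrive 25 minutes apart; widening the window to an hour catches it.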