Full Disclosure mailing list archives
Re: Any update on SSH brute force attempts?
From: Kevin <KKadow () gmail com>
Date: Fri, 15 Oct 2004 23:23:35 -0500
On Sat, 16 Oct 2004 14:57:31 +1300, James Riden <j.riden () massey ac nz> wrote:
Jay Libove <libove () felines org> writes:What are you doing/changing about your SSH configurations to reduce the possibility of these attacks finding any kind of hole in the OpenSSH software (that's what I run, so that's the only version I'm particularly concerned about) ? Are you doing anything at all?
Use one time passwords (OTP, e.g. S/Key). Restrict which addresses are allowed to connect (via /etc/hosts.allow), and/or which user accounts are allowed from which sources (using AllowUsers in sshd_config). I l prefer to bind the listener to a specific IP address on hosts with multiple addresses, the BOFH might choose to have a tarpit *:22/TCP listener on hosts with many alias IPs..
One or more of the following, depending on local requirements: * Run on a non-standard port - this will stop brain-dead scanning programs * Use key-based auth instead of passwords * Restrict what IP addresses are allowed to connect (at your firewall) * Disable root logins * Use john or crack to audit password strength * Use logwatch or similar to monitor failed login attempts * Make a honeypot and see what techniques people are trying out (Everyone's forcing version 2 of the protocol, right?)
$ sudo tail -5 /etc/ssh/sshd_config Protocol 2 ListenAddress 172.23.97.2 MaxAuthTries 2 PermitRootLogin no LogLevel VERBOSE $ exit I'm sorely tempted to forgo SSH for telnet encapsulated in SSL (via stunnel), with non-reusable passwords. Anybody else remember "Stel"? Kevin _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Any update on SSH brute force attempts? Jay Libove (Oct 15)
- Re: Any update on SSH brute force attempts? James Riden (Oct 15)
- Re: Any update on SSH brute force attempts? Kevin (Oct 15)
- Re: Any update on SSH brute force attempts? Frank Knobbe (Oct 16)
- Re: Any update on SSH brute force attempts? Kevin (Oct 15)
- Message not available
- Re: Any update on SSH brute force attempts? Jay Libove (Oct 16)
- Re: Re: Any update on SSH brute force attempts? Tim (Oct 16)
- RE: Re: Any update on SSH brute force attempts? Sean Crawford (Oct 16)
- Re: Any update on SSH brute force attempts? Jay Libove (Oct 16)
- Re: Any update on SSH brute force attempts? James Riden (Oct 15)
- Re: Any update on SSH brute force attempts? Dave Ewart (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Ron DuFresne (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Barrie Dempster (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Raj Mathur (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Barrie Dempster (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Ron DuFresne (Oct 18)
- Re: Re: Any update on SSH brute force attempts? Ron DuFresne (Oct 18)