Re: Repeated attacks via SSH

• Previous message: Don Lewis: "Re: Repeated attacks via SSH"
• Maybe in reply to: Brett Glass: "Repeated attacks via SSH"
• Next in thread: Randy Bush: "Re: Repeated attacks via SSH"
• Reply: Randy Bush: "Re: Repeated attacks via SSH"
• Reply: freebsd-security_at_auscert.org.au: "Re: Repeated attacks via SSH"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 02 Oct 2005 16:32:39 -0600
To: Daniel Gerzo <danger@rulez.sk>

At 04:12 PM 10/2/2005, Daniel Gerzo wrote:

>very nice is to use AllowUsers in form of user@host.

If you can get away with it, absolutely. Same with the RSA keys.
Of course, the problem is that if you need to get access in an
emergency from who-knows-where, you're pretty much stuck with
passwords unless you have a token system or a one time password
system (e.g. S/Key). (Which reminds me: Anyone have a good S/Key
implementation for the Palm Pilot?)

>> We also have a log monitor
>> that watches the logs (/var/log/auth.log in particular) and
>> blackholes hosts that seem to be trying to break in via SSH.
>
>I wrote a similar script. it's also in ports under
>security/bruteforceblocker

The system we're using is the general purpose log monitor I
described at BSDCon in San Francisco. It's written in SNOBOL4
and has nice features like amnesty and rate limiting.

--Brett

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Don Lewis: "Re: Repeated attacks via SSH"
• Maybe in reply to: Brett Glass: "Repeated attacks via SSH"
• Next in thread: Randy Bush: "Re: Repeated attacks via SSH"
• Reply: Randy Bush: "Re: Repeated attacks via SSH"
• Reply: freebsd-security_at_auscert.org.au: "Re: Repeated attacks via SSH"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]