shutting down dictionary attacks

From: Josh Grosse (josh_at_jggimi.homeip.net)
Date: 07/02/05

    Date: Sat, 2 Jul 2005 09:47:59 -0400
    To: secureshell@securityfocus.com
    
    

    I run OpenBSD 3.7 with OpenSSH 4.1, and found that even with:
     
            PermitRootLogin no
            PasswordAuthentication no
            Protocol 2
            ChallengeResponseAuthentication no

    Using OpenSSH or PuTTY from test PCs, I couldn't supply a password, but the
    script kiddies were still finding a way to make password attacks. Obviously,
    their skills are certainly better than mine.

    Searching The Fine Archive, I found
    http://marc.theaimsgroup.com/?l=secure-shell&m=109755336414758&w=2

    which suggests

            PAMAuthenticationViaKbdInt no

    as an additional config setting. It's not applicable to OpenSSH 4.1
    on OpenBSD. But, poking through sshd(8) I found:

            KerberosOrLocalPasswd no

    After adding that to my config, it *seems* like my attacks may have
    been stopped. At least, they're no longer being logged.

    Any thoughts on whether this change will be effective, or if this was just
    serendipitous?

       -Josh Grosse-
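
Added example, not part of the original post: a small Python audit that lists which password-capable login paths an sshd_config leaves open, applied to the settings quoted above. The defaults table and the rule that KerberosOrLocalPasswd only matters when PasswordAuthentication and KerberosAuthentication are both enabled follow the sshd_config(5) keyword descriptions and are assumptions to check against the man page of the version in use; the function names are hypothetical.

```python
import re

# Assumed defaults for keywords left unset, per sshd_config(5) of that era;
# check them against the man page of the version you actually run.
DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "kerberosauthentication": "no",
    "kerberosorlocalpasswd": "yes",
}

def parse_sshd_config(text):
    """Return global {keyword: value}, keeping the first value per keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)  # "Key value" or "Key=value"
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"').lower()
        if key == "match":               # conditional blocks are out of scope here
            break
        settings.setdefault(key, value)  # sshd keeps the first value it sees
    return settings

def password_paths(settings):
    """List the ways a password can still be offered under these settings."""
    cfg = {**DEFAULTS, **settings}
    paths = []
    if cfg["passwordauthentication"] == "yes":
        paths.append("password")
        # Kerberos only validates passwords given to PasswordAuthentication,
        # so its local fallback matters only inside this branch.
        if cfg["kerberosauthentication"] == "yes" and cfg["kerberosorlocalpasswd"] == "yes":
            paths.append("local password fallback after Kerberos failure")
    if cfg["challengeresponseauthentication"] == "yes":
        paths.append("keyboard-interactive (challenge-response)")
    return paths

# The four settings quoted in the post, then the same with the extra keyword.
POST_CONFIG = ("PermitRootLogin no\nPasswordAuthentication no\n"
               "Protocol 2\nChallengeResponseAuthentication no\n")
WITH_EXTRA = POST_CONFIG + "KerberosOrLocalPasswd no\n"

if __name__ == "__main__":
    for name, text in (("post", POST_CONFIG), ("post + extra", WITH_EXTRA), ("defaults", "")):
        print(name, "->", password_paths(parse_sshd_config(text)) or "none")
```

Under this model both the post's configuration and the variant with the extra keyword leave no password path open, while an empty file leaves two.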

