Re: shutting down dictionary attacks
From: LD (ldbugs_at_hawaii.rr.com)
Date: 07/05/05
- Previous message: Guillaume Vissian: "Re: shutting down dictionary attacks"
- In reply to: Josh Grosse: "Re: shutting down dictionary attacks"
- Next in thread: Josh Grosse: "Re: shutting down dictionary attacks"
- Reply: Josh Grosse: "Re: shutting down dictionary attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 5 Jul 2005 02:56:25 -0000 (HST) To: "Josh Grosse" <josh@jggimi.homeip.net>
> On Mon, Jul 04, 2005 at 11:03:15AM -0500, Brian J. Woods wrote:
>
>> Look at documentation for sshd for StrictMode, the time writing this I
>> didn't have the time. Also MaxAuthTries, try changing the value from the
>> one you have to see if that changes things a bit. I think the problem
>> you have is not so trivial, but this should be an interesting thread on
>> ways to handle this.
>
> The default for StrictMode is "yes" -- but it just checks users files to
> determine if they're world writeable. I'm not sure how it would apply.
>
> I'm setting MauxAuthTries to 1, the default is 6.
>
> You're right. This is certainly interesting.
>
The only problem with setting the max to 1 is that if you're running an
SSH key agent, your SSH program may attempt key authentication. Each key
in the ring counts as 1 authentication try, so this could possibly cut you
off if you use keys. Just a warning ;) Easily fixed.
- Previous message: Guillaume Vissian: "Re: shutting down dictionary attacks"
- In reply to: Josh Grosse: "Re: shutting down dictionary attacks"
- Next in thread: Josh Grosse: "Re: shutting down dictionary attacks"
- Reply: Josh Grosse: "Re: shutting down dictionary attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
