Re: shutting down dictionary attacks
From: LD (ldbugs_at_hawaii.rr.com)
Date: Tue, 5 Jul 2005 02:56:25 -0000 (HST) To: "Josh Grosse" <email@example.com>
> On Mon, Jul 04, 2005 at 11:03:15AM -0500, Brian J. Woods wrote:
>> Look at documentation for sshd for StrictMode, the time writing this I
>> didn't have the time. Also MaxAuthTries, try changing the value from the
>> one you have to see if that changes things a bit. I think the problem
>> you have is not so trivial, but this should be an interesting thread on
>> ways to handle this.
> The default for StrictMode is "yes" -- but it just checks users files to
> determine if they're world writeable. I'm not sure how it would apply.
> I'm setting MauxAuthTries to 1, the default is 6.
> You're right. This is certainly interesting.
The only problem with setting the max to 1 is that if you're running an
SSH key agent, your SSH program may attempt key authentication. Each key
in the ring counts as 1 authentication try, so this could possibly cut you
off if you use keys. Just a warning ;) Easily fixed.