Re: shutting down dictionary attacks

From: Brian J. Woods (brianjwd_at_gmail.com)
Date: 07/05/05

  • Next message: Guillaume Vissian: "Re: shutting down dictionary attacks" 
    Date: Mon, 04 Jul 2005 18:06:01 -0500
To: Guillaume Vissian <somebodyishere@gmail.com>, secureshell@securityfocus.com

    Guillaume Vissian wrote:

    >With reflexion PAM is for sure responsible of this, i think the sshd
    >is still connected to PAM who is responsible of password login, i
    >think that disconnect sshd from PAM maybe a way to stop those kind of
    >attack, another way is that script kiddies directly launch a password
    >AND login command and due to the config are immediately rejected, but
    >it's log. A way to stop that attacks is to run sshd on another port
    >and to hide it, but i don't know how you can hidden sshd...
    >
    >2005/7/4, Josh Grosse <josh@jggimi.homeip.net>:
    >
    >
    >>On Mon, Jul 04, 2005 at 11:03:15AM -0500, Brian J. Woods wrote:
    >>
    >>
    >>
    >>>Look at documentation for sshd for StrictMode, the time writing this I
    >>>didn't have the time. Also MaxAuthTries, try changing the value from the
    >>>one you have to see if that changes things a bit. I think the problem
    >>>you have is not so trivial, but this should be an interesting thread on
    >>>ways to handle this.
    >>>
    >>>
    >>The default for StrictMode is "yes" -- but it just checks users files to
    >>determine if they're world writeable. I'm not sure how it would apply.
    >>
    >>I'm setting MauxAuthTries to 1, the default is 6.
    >>
    >>You're right. This is certainly interesting.
    >>
    >>
    >>
    >
    >
    >
    I don't think OpenBSD uses PAM.

  • Next message: Guillaume Vissian: "Re: shutting down dictionary attacks"

    Relevant Pages

    • Re: shutting down dictionary attacks
      ... With reflexion PAM is for sure responsible of this, i think the sshd ... is still connected to PAM who is responsible of password login, ... >> Look at documentation for sshd for StrictMode, the time writing this I ...
      (SSH)
    • Re: shutting down dictionary attacks
      ... >>With reflexion PAM is for sure responsible of this, i think the sshd ... >>is still connected to PAM who is responsible of password login, ... A way to stop that attacks is to run sshd on another port ...
      (SSH)
    • Re: Software for distribution of configuration files and changes
      ... accepting keyboard-interactive/pam. ... This affects all users, and not just root. ... But without PAM, sshd just prompts for password in a little different way. ...
      (freebsd-stable)
    • RE: PAM and SSH
      ... It appears that for sshd, sshusers would have to be their primary group ... The nsswitch.conf list files and winbind for groups but the ssh documentation said that only primary groups were used. ... Perhaps a simple PAM module that takes a network description and succeeds if the user's IP is on that network would not be a huge task. ...
      (SSH)
    • Re: OpenSSH and pam_krb5
      ... > with GSSAPI and PAM authentication. ... this data is present in a separate process (the "authentication ... application (ie sshd). ...
      (SSH)