Re: Stopping Brute Force SSH Attacks

From: Neil W Rickert (rickert+nn_at_cs.niu.edu)
Date: 10/14/04

  • Next message: Dimitri Maziuk: "Re: Stopping Brute Force SSH Attacks" 
    Date: Thu, 14 Oct 2004 15:44:21 +0000 (UTC)

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    h1d3m3@yahoo.com (John) writes:

    >> Why? again so what if they try passwords? And then you will suddenly
    >> discover yourself locked out because something happened to your
    >> .authorized_keys file. Ie, is the cure worse than the disease?

    >I guess I wasn't clear here.

    >Right now, I can ssh to a machine and attempt to "brute force" my way
    >into the system. All of the users on this system have
    >~/.ssh/authorized_keys2 files (and those keys have passwords). The
    >/etc/password file has their account, but the password is effectively
    >untypeable (i.e. GECOS password field is *LK* or something like
    >that....this means if telnet/ftp was turned on, they would never be
    >able to use it).

    I don't see how this changes anything.

    I only use public key authentication. But there still are times
    where I try to login before adding my key to ssh-agent, or make some
    other dumb mistake, and am prompted for a passwd.

    I normally abort that attempt, fix the problem, and then login with a
    public key. If your policies were in effect I would find myself
    locked out.

    Maybe you have a super-human set of users who never make such dumb
    mistakes.

    I tend to look at it the other way -- if login is only possible with
    public key authentication, then the brute force attacks are harmless
    except for the cpu cycles they consume.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.6 (SunOS)

    iD8DBQFBbp7RvmGe70vHPUMRAogPAKCGat9Wkh8loGl8652DjxD7BRRE7QCfQkSA
    i228dkrsfZ2O+g7TBeNdvD4=
    =N7QN
    -----END PGP SIGNATURE----- 

    -- 
 vote for regime change in Washington, Nov 02.
  • Next message: Dimitri Maziuk: "Re: Stopping Brute Force SSH Attacks"

    Relevant Pages

    • Re: how to re-use existing session?
      ... > Using public key authentication in conjunction with the ssh-agent should ... I don't want to login at all. ...
      (comp.security.ssh)
    • Disable SSH authentication
      ... we can use two ways to login to remote machine: ... Public key authentication ... My question is that can we disable the SSH authentication so that we don't need to either provide user account or the public key? ...
      (SSH)
    • Re: Logging into SSH
      ... > Does anybody know how to force SSH to require username/password AND ... > public key authentication before allowing a login? ... the public key should be password protected anyhow... ...
      (SSH)
    • Re: Stopping Brute Force SSH Attacks
      ... ]>~/.ssh/authorized_keys2 files (and those keys have passwords). ... ]I only use public key authentication. ... ]where I try to login before adding my key to ssh-agent, ...
      (comp.security.ssh)
    • Re: public key vs passwd authentication?
      ... > I have a client that's turned off public key authentication. ... > examination of the security aspect, it'd make my job a lot easier/ ... http://www.garlic.com/~lynn/aadsm15.htm#2 Is cryptography where security took the wrong branch? ...
      (comp.security.ssh)