Re: bruteforce ssh

From: Richard E. Silverman (res_at_qoxp.net)
Date: 10/28/05

    Date: 28 Oct 2005 02:23:25 -0400
    
    

    >>>>> "ES" == Ertugrul Soeylemez <never@drwxr-xr-x.org> writes:

        ES> Use another authentication scheme than passwords. I recommend
        ES> public key authentication. This doesn't only make bruteforce
        ES> attacks impossible

    Well, impractical. :)

        ES> but also man in the middle attacks.

    It's worth noting that the SSH transport protocol already provides the
    client MITM resistance -- and since the transport protocol normally
    encapsulates the authentication protocol, this protection applies
    regardless of the user authentication method employed (providing the
    requirements of the particular key exchange are met, e.g. the hostkey is
    properly verified). The publickey userauth method simply adds another
    instance of MITM protection, this time for the server.

    -- 
      Richard Silverman
      res@qoxp.net
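
The server-side protection described in the message above, as an added example (not part of the original post, and not code from any SSH implementation): in the publickey method of RFC 4252 the client signs a blob that begins with the session identifier, so a signature produced in a key exchange that ended at an interceptor does not verify on the real server. The `sessionID` helper, the user name `alice` and the transcript strings are constructed stand-ins; the real exchange hash covers more fields than the host key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// sshString encodes b as an SSH "string": uint32 big-endian length, then the bytes.
func sshString(b []byte) []byte {
	n := len(b)
	return append([]byte{byte(n >> 24), byte(n >> 16), byte(n >> 8), byte(n)}, b...)
}

// signedData builds the blob the client signs for publickey userauth (RFC 4252, section 7).
func signedData(sessionID []byte, user string, pub ed25519.PublicKey) []byte {
	alg := []byte("ssh-ed25519")
	keyBlob := append(sshString(alg), sshString(pub)...)
	d := append(sshString(sessionID), 50) // 50 = SSH_MSG_USERAUTH_REQUEST
	for _, s := range []string{user, "ssh-connection", "publickey"} {
		d = append(d, sshString([]byte(s))...)
	}
	d = append(append(d, 1), sshString(alg)...) // 1 = TRUE: a signature follows
	return append(d, sshString(keyBlob)...)
}

// sessionID is a simplified stand-in (assumption) for the exchange hash H, which includes the host key.
func sessionID(hostKey ed25519.PublicKey, kex string) []byte {
	h := sha256.Sum256(append(sshString(hostKey), kex...))
	return h[:]
}

// serverAccepts verifies the signature against the server's OWN session identifier.
func serverAccepts(serverSID []byte, user string, pub ed25519.PublicKey, sig []byte) bool {
	return ed25519.Verify(pub, signedData(serverSID, user, pub), sig)
}

// demo compares a direct login with a signature relayed from an intercepted session (constructed inputs).
func demo() (direct, relayed bool) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	realHost, _, _ := ed25519.GenerateKey(nil)
	fakeHost, _, _ := ed25519.GenerateKey(nil) // interceptor's own host key
	serverSID := sessionID(realHost, "kex with server")
	clientSID := sessionID(fakeHost, "kex with interceptor")
	direct = serverAccepts(serverSID, "alice", pub, ed25519.Sign(priv, signedData(serverSID, "alice", pub)))
	return direct, serverAccepts(serverSID, "alice", pub, ed25519.Sign(priv, signedData(clientSID, "alice", pub)))
}

func main() { fmt.Println(demo()) }
```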
    
