Re: ssh attacks




Randy Yates wrote:

Similar to another recent thread, "Options to block brute force attacks,"
I have become paranoid about leaving my ssh port open because I, too,
have noticed many connection attempts from unknown domains.

If we presume that my password is at least moderately strong, then
how likely is it that any type of ssh attack will succeed?

With a moderately strong password, very unlikely.

You can calculate the probability of breaking a password (average
number of attempts) and calculate the time needed to reach that average
number. The larger the time the less likely an attacker will even keep
trying.

Is it really unsafe to leave the ssh port open?

No.

I don't see how, since large systems like NC State's computer systems
allow ssh logins 24/7.

So I guess I'm asking what exactly are the threats, and how likely are
they to succeed?

The ones that succeed are mostly due to very weak passwords.

Also, of course, short of just closing the port, what
can I do to protect myself?

Use sshd options wisely. With AllowUsers/AllowGroups a system can be
made highly secure, just close all the "well known" accounts (if you
look at the sshd log, most attacks are not really dictionary attacks,
but go for a few well known account names; but don't let your guard
down, there are dictionary attacks), so you can make the attacker's job
more complex: guess the user name and the password.

Regards.
--
René Berber
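
The log review and AllowUsers advice in the reply above, as an added example that is not part of the original post: a Python script that tallies failed password attempts by user name and source address, then reports how many of them aimed at names outside a proposed AllowUsers list. The log lines are constructed samples in OpenSSH's usual format, and `summarize` and the allow-list passed to it are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's auth-log format (not real log data).
SAMPLE_LOG = """\
Mar  3 04:11:02 host sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Mar  3 04:11:05 host sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 40120 ssh2
Mar  3 04:11:09 host sshd[2105]: Failed password for invalid user test from 192.0.2.10 port 40131 ssh2
Mar  3 04:11:12 host sshd[2107]: Failed password for root from 192.0.2.10 port 40140 ssh2
Mar  3 05:30:44 host sshd[2290]: Failed password for invalid user oracle from 198.51.100.7 port 51514 ssh2
Mar  3 05:30:48 host sshd[2292]: Failed password for randy from 198.51.100.7 port 51520 ssh2
Mar  3 06:02:10 host sshd[2301]: Accepted password for randy from 203.0.113.5 port 60022 ssh2
"""

# The user name is remote-supplied text, so the pattern anchors on the
# fixed trailing fields and lets the greedy group take everything before
# the last " from ".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

def summarize(log_text, allow_users):
    """Count failed password attempts per user name and per source IP.

    allow_users is a proposed AllowUsers list (an assumption of this
    example). Attempts against any other name would be refused by sshd
    whatever password is tried; only attempts against listed names still
    depend on password strength.
    """
    by_user, by_ip, exposed = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are skipped
        by_user[m["user"]] += 1
        by_ip[m["ip"]] += 1
        if m["user"] in allow_users:
            exposed[m["user"]] += 1
    refused = sum(by_user.values()) - sum(exposed.values())
    return {"by_user": by_user, "by_ip": by_ip,
            "exposed": exposed, "refused_by_allowusers": refused}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, allow_users={"randy"})
    print("most attempted names:", report["by_user"].most_common(3))
    print("attempts per source:", dict(report["by_ip"]))
    print("attempts on allowed names:", dict(report["exposed"]))
    print("attempts AllowUsers would refuse:", report["refused_by_allowusers"])
```
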
