Re: ssh attacks




Randy Yates wrote:

> Similar to another recent thread, "Options to block brute force attacks,"
> I have become paranoid about leaving my ssh port open because I, too,
> have noticed many connection attempts from unknown domains.
>
> If we presume that my password is at least moderately strong, then
> how likely is it that any type of ssh attack will succeed?

With a moderately strong password, very unlikely.

You can calculate the probability of breaking a password (average
number of attempts) and calculate the time needed to reach that average
number. The larger the time, the less likely an attacker will even keep
trying.

> Is it really unsafe to leave the ssh port open?

No.

> I don't see how, since large systems like NC State's computer systems
> allow ssh logins 24/7.
>
> So I guess I'm asking what exactly are the threats, and how likely are
> they to succeed?

The ones that succeed are mostly due to very weak passwords.

> Also, of course, short of just closing the port, what
> can I do to protect myself?

Use sshd options wisely. With AllowUsers/AllowGroups a system can be
made highly secure, just close all the "well known" accounts (if you
look at the sshd log, most attacks are not really dictionary attacks,
but go for a few well known account names; but don't let your guard
down, there are dictionary attacks), so you can make the attacker's job
more complex: guess the user name and the password.

Regards.
--
René Berber
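
The sshd log check mentioned in the reply above, as an added example that is not part of the original post: it tallies failed logins per user name and shows how many would be refused by an AllowUsers list regardless of the password tried. The log lines are constructed in the usual OpenSSH format, and the account name "alice" and the AllowUsers value are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH auth-log format (not real traffic).
SAMPLE_LOG = """\
Mar  3 04:11:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 04:11:05 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
Mar  3 04:11:09 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40040 ssh2
Mar  3 04:11:12 host sshd[2107]: Failed password for root from 203.0.113.7 port 40052 ssh2
Mar  3 04:12:40 host sshd[2110]: Failed password for invalid user oracle from 198.51.100.9 port 51514 ssh2
Mar  3 04:12:44 host sshd[2112]: Failed password for alice from 198.51.100.9 port 51520 ssh2
Mar  3 09:30:01 host sshd[2290]: Accepted password for alice from 192.0.2.10 port 60000 ssh2
"""

# Hypothetical sshd_config setting for this example: "AllowUsers alice"
ALLOW_USERS = {"alice"}

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def summarize(log_text, allow_users):
    """Tally failed logins per user name and source, split by the AllowUsers list."""
    per_user, per_ip = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            per_user[m["user"]] += 1
            per_ip[m["ip"]] += 1
    # Names outside AllowUsers are refused by sshd whatever password is supplied.
    blocked = sum(n for u, n in per_user.items() if u not in allow_users)
    # Names inside AllowUsers are protected only by the strength of their password.
    exposed = sum(n for u, n in per_user.items() if u in allow_users)
    return per_user, per_ip, blocked, exposed


if __name__ == "__main__":
    per_user, per_ip, blocked, exposed = summarize(SAMPLE_LOG, ALLOW_USERS)
    for user, count in per_user.most_common():
        status = "allowed" if user in ALLOW_USERS else "refused by AllowUsers"
        print(f"{count:3d}  {user:10s} {status}")
    for ip, count in per_ip.most_common():
        print(f"{count:3d}  failed attempts from {ip}")
    print(f"refused outright: {blocked}, password-only defence: {exposed}")
```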
