[Gllug] ssh brute force attacks

Hari Sekhon hpsekhon at googlemail.com
Tue Dec 9 09:06:14 UTC 2008


Nix wrote:
> On 8 Dec 2008, Hari Sekhon said:
>   
>> 1) You still end up with lots of garbage in your logs from failed 
>> attempts by not preventing attempts
>>     
>
> Ooh dear. Use a decent syslogd like syslog-ng to filter them out.
>   
Already done, but filtering out this stuff is a terrible thing to do. I 
have built log servers with complex stratification of logs and 
monitoring rule sets but I would never, ever just ignore garbage in the 
logs by filtering it out at source or sending it to a destination I 
don't check! That's almost as bad as not having logs because you 
lose/discard part of your information. The best thing is to investigate 
and prevent problem logs for tighter administration.

>> 2) You may need to use passwords at some time, because not everyone will 
>> have keys or can be trusted to properly secure their keys etc...
>>     
>
> If someone doesn't have a key, give him one. If he won't accept one, he
> can't log in. It's that simple. Not everyone can be trusted to secure
> their keys? Then passphrase them: if they can't keep the passphrase
> secure, then they can't keep their passwords secure either.
>   
I think keys are the way to go. I use them extensively myself, and I 
have forced this in some usage cases. I'm not sure about all cases though; 
I think it may depend on the users, but you have good points here.

-h

-- 
Hari Sekhon
Always open to interesting opportunities
http://www.linkedin.com/in/harisekhon

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



