[Gllug] ssh brute force attacks
Ryan Cartwright
r.cartwright at equitasit.co.uk
Mon Dec 8 16:53:25 UTC 2008
2008/12/8 John Edwards <john at cornerstonelinux.co.uk>:
> On Mon, Dec 08, 2008 at 04:06:30PM +0000, Ryan Cartwright wrote:
>> 2008/12/8 Anthony Newman <anthony.newman at ossified.net>:
>>> Alain Williams wrote:
>>>
>>>> What other means do you use to increase ssh security ?
>>> Key-only authentication. They can try all they like then :)
>>
>> Unless/until your keys are compromised of course. :)
>
> No, because ssh-keygen asks you to set a passphrase.
True but even then it can be compromised - as us Debian users found
out earlier this year.
> And if you need to use passphrase-less keys for automated
> logins (eg rsync transfers) then you can restrict them by
> IP address.
agreed but IP addresses can be spoofed.
> Also running on a different port is a cheap and effective
> way of reducing the automated attacks to almost nothing.
Also agreed. Whilst port-scanning may detect a change in port most
cracker-bots are just set to try 22 and that's all.
I find that when it comes down to it any security is a case of
permitting only as much as you are prepared to risk. Often this can be
making yourself a less accessible target than somebody else. A bit
like the joke with the two campers and bear.
--
Ryan Cartwright
Equitas IT Solutions
http://www.equitasit.co.uk
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list