From: Remy Blank
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: SSH brute force attacks and blacklist.py
Date: Wed, 27 Feb 2008 21:24:53 +0100
In-Reply-To: <47C5A316.8010303@shic.co.uk>

Steve wrote:
> I'm one of the (many) people who has opportunists trying usernames and
> passwords against SSH... while every effort has been made to secure this
> service by configuration; strong passwords; no root login remotely etc.
> I would still prefer to block sites using obvious dictionary attacks
> against me.

The best advice I can give is to use public key authentication only.
This will defend against all dictionary-based attacks, which is what you
describe.

The only remaining "problem" is that your log files will be filled with
unsuccessful login attempts. A simple solution is to run sshd on a
non-standard, high-numbered port, e.g. in the 30'000. Bots only ever try
to connect on port 22. This will *not* improve the protection of your
server, but it will avoid having your logs spammed.

-- Remy
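
An added example, not part of the message above or of any project's code: a small checker that reads sshd_config text and reports whether the "public key authentication only" setup recommended in the message is actually in effect. It assumes OpenSSH's documented defaults and first-value-wins parsing; the function names and sample configs are constructed for illustration.

```python
# Added example, not code from the thread. Audits sshd_config text for
# "public key authentication only". Not evaluated here (assumption): Include
# files, the contents of Match blocks, and AuthenticationMethods.
DEFAULTS = {  # OpenSSH defaults when a keyword is absent
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
# Deprecated alias still common in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse(config_text):
    """Return (settings, ports, has_match) for the global section."""
    settings, ports, has_match = {}, [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            has_match = True
            break  # everything below is conditional on the Match criteria
        if len(parts) < 2:
            continue
        if key == "port":
            ports.append(int(parts[1]))  # Port may be given several times
        elif key in DEFAULTS:
            settings.setdefault(key, parts[1].lower())  # first value wins
    return {**DEFAULTS, **settings}, ports or [22], has_match

def audit(config_text):
    """Return findings; an empty list means key-only login on a non-22 port."""
    s, ports, has_match = parse(config_text)
    out = []
    if s["pubkeyauthentication"] != "yes":
        out.append("pubkeyauthentication is off")
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if s[key] != "no":
            out.append(key + " is enabled: password prompts still reachable")
    if has_match:
        out.append("Match block present: review by hand")
    if 22 in ports:
        out.append("note: port 22 in use, expect bot noise in the logs")
    return out

# Constructed sample configs.
WEAK = "PasswordAuthentication no\nPasswordAuthentication yes\n"
KEY_ONLY = "Port 30022\nPasswordAuthentication no\nChallengeResponseAuthentication no\n"
```

The WEAK sample shows why disabling PasswordAuthentication alone is not enough: keyboard-interactive authentication stays on by default and can still present a password prompt.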