Secure Shell
a GOOD idea to harden OpenSSH! Mar 30 2011 07:19PM
nagygabor88 (nagygabor88 zoho com) (3 replies)
RE: a GOOD idea to harden OpenSSH! Mar 31 2011 07:39PM
Ward, Jon (Jon_Ward syntelinc com) (1 replies)
Re: a GOOD idea to harden OpenSSH! Apr 02 2011 10:37PM
Eric Jaw (naisanza gmail com)
Re: a GOOD idea to harden OpenSSH! Mar 31 2011 06:24PM
Joseph Spenner (joseph85750 yahoo com) (1 replies)
Re: a GOOD idea to harden OpenSSH! Apr 03 2011 07:17PM
Lamont Granquist (lamont scriptkiddie org) (1 replies)
Re: a GOOD idea to harden OpenSSH! Apr 06 2011 03:30AM
Mike Ramirez (gufymike gmail com)
On Sunday, April 03, 2011 12:17:55 pm Lamont Granquist wrote:
> you can already use fail2ban to accomplish this kind of thing.
>
> the original idea i think is somewhat terrible in a multi-user
> enterprise-y kind of environment since you'll wind up telling users that
> they have to wait 2 seconds before entering their passphrase
> constantly. for your home server it might work, but you can always
> setup public keys or OTP pretty easily as well, in addition to fail2ban.
>
> you can also use pam_tally to only allow 6 failed passwords in a row
> before locking the account. i run the cronjob to unlock all the
> accounts every 30 mins or so, which only allows a velocity of 12 guess
> per hour on a single account, while not requiring users with locked
> accounts to call up a helpdesk.
>
I've had good experiences with bfd[1] which scans logs for invalid login
attempts per user, after X attempts, the ip is banned. The length of the ban
is variable (30 minutes was good enough to stop repeated attacks).

Bonus, it kept the logs clean.

Mike

http://www.rfxn.com/projects/brute-force-detection/
--
To the systems programmer, users and applications serve only to provide a
test load.

[ reply ]
Re: a GOOD idea to harden OpenSSH! Mar 31 2011 06:20PM
Christian Grunfeld (christian grunfeld gmail com) (1 replies)
Re: a GOOD idea to harden OpenSSH! Apr 02 2011 11:57AM
Aaron Toponce (aaron toponce gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus