Admins warned of brute-force SSH attacks

Admins warned of brute-force SSH attacks
Robert Lemos, SecurityFocus 2008-05-14

Allowing secure shell access to a server tends to attract the occasional attempt to guess a valid username and password for the service. However, a spike in attacks this week has system administrators worried.

Expand all | Post comment

Admins warned of brute-force SSH attacks 2008-05-15
Justin

Admins warned of brute-force SSH attacks 2008-05-15
DooMRunneR (1 replies)

Re: Admins warned of brute-force SSH attacks 2008-05-16
Anonymous

Admins warned of brute-force SSH attacks 2008-05-15
Anonymous (1 replies)

Re: Admins warned of brute-force SSH attacks 2008-05-19
Anonymous

Admins warned of brute-force SSH attacks 2008-05-15
Anonymous

If possible, use the AllowUsers directive in sshd_config to limit access to specific users, and/or the hosts.allow/deny files to permit certain users from specific network ranges or not at all from other ranges, etc; ssh is tcp_wrapper friendly). Of course the firewall is your friend also (but should not be relied upon as the sole layer of protection).

If a system needs to be publicly accessible (i.e, you can limit access to a given network range), install and configure denyhosts. In fact there's no reason not to install and use it IMO (take yourself off te low hanging branches of the fruit tree). Then sit back and watch your hosts.deny file and denyhost report email folder grow and grow...

A minimum amount of due diligence will prevent so many cases of heartburn and stress.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11518/35097#35097

Admins warned of brute-force SSH attacks 2008-05-15
Anonymous

Admins warned of brute-force SSH attacks 2008-05-16
Jeff Sadowski

Admins warned of brute-force SSH attacks 2008-05-17
Anonymous

Admins warned of brute-force SSH attacks 2008-05-27
Anonymous

Admins warned of brute-force SSH attacks 2008-11-28
Anonymous