[nycbug-talk] Fwd: Stopping SSH dictionary attacks?

Bob Ippolito bob
Tue Dec 21 16:02:11 EST 2004

On Dec 21, 2004, at 3:15 PM, G. Rosamond wrote:

> Begin forwarded message:
>> From: "Juan J. Martinez" <reidrac at usebox.net>
>> Date: December 21, 2004 1:14:29 PM EST
>> To: misc at openbsd.org
>> Subject: Re: Stopping SSH dictionary attacks?
>>> One solution I'm considering is writing a script that parses authlog 
>>> every hour or so and adds any IPs with more than x failed login 
>>> attempts to ipcop/etc/hosts_deny, am I on the right track with this 
>>> (has someone already done it - I'm a big fan of not re-inventing the 
>>> wheel)?
>> Actually I've done this... however I think its usefulness is limited 
>> (ie. scans from the same IP in different days are rare), but was fun 
>> to code.
>> You can check it at (the package is ssh_blocker):
>> http://blackshell.usebox.net/pub/shell/
> This may be relevant to some earlier discussions about openssh 
> security and brute force/dictionary attacks.

It's probably more secure to just turn off PasswordAuthentication.  
Then you don't have to worry about dictionary attacks, and brute force 
wouldn't be feasible.


More information about the talk mailing list