[nycbug-talk] Analyzing malicious SSH login attempts
chsnyder at gmail.com
Tue Sep 12 11:52:26 EDT 2006
On 9/12/06, michael <lists at genoverly.net> wrote:

> I still have lingering anxiety that once you have
> my desktop, you have my local network AND my datacenter network AND
> anywhere else I've dropped a key.

But you encrypted that key using a strong passphrase, right? They
would have to get your desktop while ssh-agent was running.

> Maybe I should, more seriously, consider the sheer hassle of skeys.
> I'm curious, do NYCBUG talk subscribers consider this a "best
> practices" article? Is anything misleading, wrong, missing.. or right?
> I am also curious.. where do we draw the line and just *trust* our OS?

I really wish the OpenSSH developers would address this issue in the
server itself, by giving admins a lockout setting. I see absolutely no
reason why hundreds of failed login attempts from the same IP address
should be permitted as if it was standard procedure.

Anyway, I use a php script that scans the log for multiple failed
logins from a single IP, then sets a temporary firewall rule blocking
access from that address.
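
Added example, not part of the original message and not the PHP script it mentions: a Python sketch of the same approach, counting failed logins per source address and building a firewall command for each repeat offender. It assumes OpenSSH's "Failed password ... from ADDR port N ssh2" syslog format and pf as the firewall; the table name `sshblock`, the threshold and the log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in OpenSSH's syslog format (documentation-range addresses).
SAMPLE_LOG = """\
Sep 12 11:40:01 host sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Sep 12 11:40:03 host sshd[4103]: Failed password for root from 203.0.113.7 port 40120 ssh2
Sep 12 11:40:05 host sshd[4105]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Sep 12 11:40:09 host sshd[4110]: Failed password for michael from 198.51.100.20 port 51515 ssh2
Sep 12 11:40:15 host sshd[4110]: Accepted publickey for michael from 198.51.100.20 port 51515 ssh2
Sep 12 11:41:00 host sshd[4120]: Failed password for invalid user x from 10.9.9.9 from 203.0.113.7 port 40200 ssh2
"""

# Anchor on the end of the line: the user name is remote-controlled text and may
# itself contain " from <address>", so only the final "from X port N" is trusted.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")


def offenders(log_text, threshold=3, allow=()):
    """Return sorted source addresses with at least `threshold` failed logins."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(1)))  # reject anything not an IP
        except ValueError:
            continue
        if ip not in allow:  # never lock out your own management hosts
            counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def block_commands(ips, table="sshblock"):
    """Build argv lists (no shell) that add each address to a pf table.
    Assumed setup: pf.conf has `table <sshblock> persist` and a block rule for it;
    running `pfctl -t sshblock -T expire 3600` from cron makes the block temporary."""
    return [["pfctl", "-t", table, "-T", "add", ip] for ip in ips]


if __name__ == "__main__":
    for argv in block_commands(offenders(SAMPLE_LOG)):
        print(" ".join(argv))  # pass argv to subprocess.run() as root to apply
```

The last sample line is the case worth testing in any log-driven blocker: the address embedded in the user name is ignored, and the failure is counted against the real source.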