[nycbug-talk] Analyzing malicious SSH login attempts
trish at bsdunix.net
Tue Sep 12 15:46:34 EDT 2006
On Tue, 12 Sep 2006, Jeff Quast wrote:
> On 9/12/06, csnyder <chsnyder at gmail.com> wrote:
>>> I am also curious.. where do we draw the line and just *trust* our OS?
> I just felt the need to reply to the line that this is OpenSSH's
> responsibility to deal with. It made me mad. They do a great job
> dealing with this issue in the place it is meant to be dealt with.
I 100% disagree with this, since OpenSSH is in fact partially responsible
for handling the connection and authenticating it, including keys... if
it's failed to authenticate within OpenSSH, it's not any other program or
tool's responsibility to handle it. IMO you've got it 100% wrong... but
then we can agree to disagree on this. If OpenSSH wasn't handling part of
the auth layer, I'd agree, but since it does, including what kind of auth
you use (key or password), it needs to work for both password and key based
auth. OpenSSH is the place to gracefully handle this without having to
implement a specific firewall to make it work.
> Password authentication should only be used once to add your public
> key to authorized_keys file anyway. I don't even know most of the
> passwords for my SSH accounts :0, they are too hard to remember, much
> less guess.
That I'd agree on, but remember you can have failed key attempts as well;
while brute forcing keys is difficult, remember that it's not impossible to
crack lesser key auths.... one of these days it's going to work. Besides,
connection based attacks aren't always based on authentication.... you can
tie up resources by spamming key based auth failures.
Trish Lynch trish at bsdunix.net
Key fingerprint = 781D 2B47 AA4B FC88 B919 0CD6 26B2 1D62 6FC1 FF16