Re: SSH Cracking Attempts

From: Jamin W. Collins (jcollins_at_asgardsrealm.net)
Date: 09/30/04

    Date: Wed, 29 Sep 2004 17:47:27 -0600
    To: debian-user@lists.debian.org
    
    

    On Wed, Sep 29, 2004 at 04:10:58PM -0400, Nicolas wrote:
    >
    > > So, my question is this. Is there a way to tell ssh to refuse
    > > connections from an ip address after a certain number of failed
    > > login attempts, or is snort the only way to do something like this?
    > > So far I've been taking the manual approach, blocking the ip address
    > > with my firewall after I see it hitting the logs, but that can give
    > > them about an hour to play before I notice it (e-mailed to me by
    > > logcheck).
    > >
    > > Any suggestions?
    >
    > If you don't have too many users who log in to your server, you can allow
    > only them from specific IP to log in. Or you can disable the password
    > facility and only use keys (we do it this way at the job, it's also
    > what I do at home).

    You'll want to be careful about how you disable password authentication
    and which version of SSH you're using. Recent Debian ssh packages
    automatically enable the UsePAM directive when upgrading from older
    package versions (including the version found in woody currently). This
    can lead to password authentication being turned back on, even though
    the admin turned it off.

       http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=250369
       

    -- 
    Jamin W. Collins
    Remember, root always has a loaded gun.  Don't run around with it unless
    you absolutely need it. -- Vineet Kumar
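A check for the situation described in the message above, as an added example that is not part of the original post or of the Debian package. It assumes the usual mechanism, namely that with UsePAM on, keyboard-interactive authentication still prompts for the account password through PAM even when PasswordAuthentication is no; the function names and sample configurations are constructed for illustration.

```python
# Added example: not from the original mailing-list post.
# Assumed defaults are upstream OpenSSH's; a distribution may ship others.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "usepam": "no"}
# ChallengeResponseAuthentication is the older name for the same switch.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def global_settings(config_text):
    """Return the effective global values of the three directives."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split()
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":            # per-connection overrides start here
            break
        if key in DEFAULTS and len(parts) > 1 and key not in seen:
            seen[key] = parts[1].strip('"').lower()  # sshd keeps the first value
    return {**DEFAULTS, **seen}


def password_paths(config_text):
    """List every route by which sshd would still accept a typed password."""
    cfg = global_settings(config_text)
    paths = []
    if cfg["passwordauthentication"] == "yes":
        paths.append("password")
    # Assumption: keyboard-interactive is backed only by PAM on this host.
    if cfg["usepam"] == "yes" and cfg["kbdinteractiveauthentication"] == "yes":
        paths.append("keyboard-interactive via PAM")
    return paths


# Constructed sample: admin disabled passwords, then an upgrade enabled UsePAM.
UPGRADED = "PubkeyAuthentication yes\nPasswordAuthentication no\nUsePAM yes\n"
HARDENED = UPGRADED + "ChallengeResponseAuthentication no\n"

if __name__ == "__main__":
    print("after upgrade:", password_paths(UPGRADED))
    print("hardened:     ", password_paths(HARDENED))
```

On a live host, the text printed by `sshd -T` can be passed to `password_paths` instead of the file contents, so that compiled-in defaults are taken from the running build rather than assumed.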
    
