Edmond Rodriguez on 12 Jun 2009 04:54:03 -0700



[PLUG] SSH in general from: Re: Pros and cons of key-pair based vs password based SSH...



I recently allowed a port for ssh (default settings) on my machine/router so a friend could try and connect to it.  

Within days someone tried to log on to my machine over 30,000 times in about one hour's time.

What I found surprising was that ssh by default did not recognize this rapid-fire attempt to log on to my machine and create some sort of delay between each attempt.

I guess all the configurations that have been written about recently help prevent such password guessing games.  I guess they eliminate the idea of an unknown machine trying to log on.  If possible at all, do they limit the number of times an unauthorized person can try to log on?

Having seen the attempts to log into my machine, I learned there are ways with iptables and I think ssh itself (recent discussion at a PLUG meeting) to cause it to delay some time after a few attempted logins.   So that if someone tries unsuccessfully to log in say 10 times, a delay will be created to force a one minute wait time before the next attempt.

Edmond
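
The policy Edmond describes (after about 10 failed attempts from one source, make it wait a minute) is what iptables' recent module or fail2ban enforce on a real host; sshd's own MaxAuthTries only caps attempts within a single connection, not across connections from the same address. The following is an added example, not code from this thread or from OpenSSH, that applies that sliding-window rule to a handful of constructed sshd log lines so you can see which attempts would have been allowed, which would have tripped the block, and which would have been dropped during the wait. The threshold, window, block duration, hostnames and addresses are all assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the syslog/OpenSSH "Failed password" format.
# Not real log data: 203.0.113.7 hammers the host every two seconds,
# 198.51.100.20 fails twice far apart, and one key-based login succeeds.
SAMPLE_LOG = """\
Jun 12 03:00:00 host sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jun 12 03:00:02 host sshd[2212]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jun 12 03:00:04 host sshd[2213]: Failed password for root from 203.0.113.7 port 51244 ssh2
Jun 12 03:00:05 host sshd[2214]: Failed password for invalid user test from 198.51.100.20 port 40001 ssh2
Jun 12 03:00:06 host sshd[2215]: Failed password for invalid user oracle from 203.0.113.7 port 51250 ssh2
Jun 12 03:00:08 host sshd[2216]: Failed password for root from 203.0.113.7 port 51256 ssh2
Jun 12 03:00:10 host sshd[2217]: Failed password for invalid user guest from 203.0.113.7 port 51260 ssh2
Jun 12 03:00:12 host sshd[2218]: Failed password for root from 203.0.113.7 port 51266 ssh2
Jun 12 03:00:14 host sshd[2219]: Failed password for invalid user ftp from 203.0.113.7 port 51270 ssh2
Jun 12 03:00:16 host sshd[2220]: Failed password for root from 203.0.113.7 port 51276 ssh2
Jun 12 03:00:18 host sshd[2221]: Failed password for invalid user mysql from 203.0.113.7 port 51280 ssh2
Jun 12 03:00:20 host sshd[2222]: Failed password for root from 203.0.113.7 port 51286 ssh2
Jun 12 03:00:22 host sshd[2223]: Failed password for invalid user www from 203.0.113.7 port 51290 ssh2
Jun 12 03:01:30 host sshd[2230]: Failed password for root from 203.0.113.7 port 51300 ssh2
Jun 12 03:02:00 host sshd[2240]: Accepted publickey for fred from 192.0.2.10 port 40000 ssh2
Jun 12 03:05:00 host sshd[2250]: Failed password for invalid user test from 198.51.100.20 port 40010 ssh2
"""

# Only password failures matter here; the "invalid user" prefix is optional in sshd's wording.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(text, year=2009):
    """Yield (timestamp, source_ip, username) for each failed password line.
    Syslog lines carry no year, so one is assumed (2009 matches this thread)."""
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]


def find_bursts(events, threshold=10, window=timedelta(seconds=60),
                block_for=timedelta(minutes=1)):
    """Per-source sliding window, the same rule iptables' recent module implements:
    once `threshold` failures from one IP fall inside `window`, that IP is blocked
    for `block_for`; failures arriving during the block are counted as dropped.
    Returns (blocks, dropped) where blocks is a list of (ip, start, end)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked_until = {}            # ip -> datetime the block expires
    blocks = []
    dropped = defaultdict(int)
    for ts, ip, _user in sorted(events):
        if ip in blocked_until and ts < blocked_until[ip]:
            dropped[ip] += 1      # the firewall would never show this to sshd
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # forget failures older than the window
        if len(q) >= threshold:
            blocked_until[ip] = ts + block_for
            blocks.append((ip, ts, blocked_until[ip]))
            q.clear()             # start counting afresh once the block lifts
    return blocks, dict(dropped)


def analyze(text=SAMPLE_LOG, threshold=10):
    """Run the detector over a log and return (blocks, dropped)."""
    return find_bursts(parse_failures(text), threshold=threshold)


if __name__ == "__main__":
    blocks, dropped = analyze()
    for ip, start, end in blocks:
        print(f"{ip}: {start:%H:%M:%S} hit threshold, blocked until {end:%H:%M:%S}")
    for ip, n in dropped.items():
        print(f"{ip}: {n} attempt(s) dropped while blocked")
```

With the sample above, the attacker's tenth failure at 03:00:18 trips the block, the two attempts at 03:00:20 and 03:00:22 are dropped, and the attempt at 03:01:30 lands after the minute expires and starts a fresh count; 198.51.100.20 never reaches the threshold because its two failures are five minutes apart. Tuning is the usual trade-off: a low threshold with a long block stops the 30,000-attempts-an-hour case immediately but will also lock out a legitimate user who fat-fingers a password a few times from a shared NAT address.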

From: Fred Stluka <fred@bristle.com>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sent: Thursday, June 11, 2009 5:47:50 PM
Subject: Re: [PLUG] Pros and cons of key-pair based vs password based SSH...

Thanks for all the great suggestions everyone!  I've followed a
bunch of the links you sent, read the man page for ssh_config
and sshd_config, and made some changes.  I especially like the
idea of limiting which users can login via AllowUsers and/or
AllowGroups.  OpenSSH has a ton of features.  I had no idea about
the possibility of sharing access to the same connection to get
remote filename completion on scp, etc.  Cool!
--Fred
---------------------------------------------------------------------
Fred Stluka -- mailto:fred@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
---------------------------------------------------------------------


Michael Bevilacqua wrote:
On Wed, Jun 10, 2009 at 8:42 PM, Richard Freeman <r-plug@thefreemanclan.net> wrote:
The other thing I do is to modify my pam config for ssh to only allow
particular accounts to log in

Note that, if you have access to /etc/ssh/sshd_config you could simply use this configuration option:

AllowUsers user1 user2 user3

See sshd_config(5) for more details on this option.


--
Michael D. Bevilacqua
michael@bevilacqua.us

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug