|Edmond Rodriguez on 12 Jun 2009 04:54:03 -0700|
I recently allowed a port for ssh (default settings) on my machine/router so a friend could try and connect to it.
Within days someone tried to log on to my machine over 30,000 times in about one hour's time.
What I found surprising was that ssh by default did not recognize this rapid-fire attempt to log on to my machine and create some sort of delay between each attempt.
I guess all the configurations that have been written about recently help prevent such password guessing games. I guess they eliminate the idea of an unknown machine trying to log on. If possible at all, do they limit the number of times an unauthorized person can try to log on?
Having seen the attempts to log into my machine, I learned there are ways with iptables and I think ssh itself (recent discussion at a PLUG meeting) to cause it to delay some time after a few attempted logins. So that if someone tries unsuccessfully to log in say 10 times, a delay will be created to force a one minute wait time before the next attempt.
From: Fred Stluka <firstname.lastname@example.org>
To: Philadelphia Linux User's Group Discussion List <email@example.com>
Sent: Thursday, June 11, 2009 5:47:50 PM
Subject: Re: [PLUG] Pros and cons of key-pair based vs password based SSH...
Thanks for all the great suggestions everyone! I've followed a
bunch of the links you sent, read the man page for ssh_config
and sshd_config, and made some changes. I especially like the
idea of limiting which users can login via AllowUsers and/or
AllowGroups. OpenSSH has a ton of features. I had no idea about
the possibility of sharing access to the same connection to get
remote filename completion on scp, etc. Cool!
Michael Bevilacqua wrote:
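The thread talks about two controls for this kind of password-guessing burst: counting failed logins per source and holding off a source once it exceeds a limit (iptables), and narrowing who may authenticate at all (sshd AllowUsers/AllowGroups). The script below is an added example, not code from anyone in the thread. It parses OpenSSH "Failed password" lines from a constructed auth-log sample (the hostnames, PIDs, users and addresses are made up, and the addresses are RFC 5737 documentation ranges) and applies the same sliding-window rule the iptables `recent` match uses, flagging any source that reaches `hitcount` failures within `seconds`. The threshold values in the usage call are assumptions, chosen to match the "10 failures, then wait a minute" idea from the post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of sshd syslog output; not taken from the original post.
SAMPLE_LOG = """\
Jun 12 04:10:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jun 12 04:10:02 host sshd[2202]: Failed password for invalid user oracle from 203.0.113.7 port 40123 ssh2
Jun 12 04:10:02 host sshd[2203]: Failed password for root from 203.0.113.7 port 40124 ssh2
Jun 12 04:10:03 host sshd[2204]: Failed password for invalid user test from 203.0.113.7 port 40125 ssh2
Jun 12 04:10:04 host sshd[2205]: Failed password for invalid user guest from 203.0.113.7 port 40126 ssh2
Jun 12 04:10:05 host sshd[2206]: Failed password for invalid user ubuntu from 203.0.113.7 port 40127 ssh2
Jun 12 04:10:09 host sshd[2207]: Failed password for edmond from 198.51.100.23 port 51000 ssh2
Jun 12 04:10:20 host sshd[2208]: Accepted publickey for edmond from 198.51.100.23 port 51001 ssh2
Jun 12 04:12:30 host sshd[2209]: Failed password for root from 203.0.113.7 port 40128 ssh2
"""

# Matches the "Failed password" line OpenSSH logs on a rejected password attempt.
# Users that do not exist are logged as "invalid user NAME"; the prefix is optional here.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(text, year=2009):
    """Yield (timestamp, source_ip, username) for each failed password line.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def count_failures(events):
    """Total failed attempts per source address."""
    counts = defaultdict(int)
    for _, ip, _ in events:
        counts[ip] += 1
    return dict(counts)


def find_bursts(events, hitcount=10, seconds=60):
    """Sliding-window check per source, the same rule iptables' recent match applies
    with --seconds and --hitcount: a source is flagged the first time it accumulates
    `hitcount` failures inside any `seconds`-long window. Returns {ip: time_flagged}.
    """
    windows = defaultdict(deque)
    flagged = {}
    for ts, ip, _ in sorted(events):
        window = windows[ip]
        window.append(ts)
        # Drop attempts that have aged out of the window.
        while (ts - window[0]).total_seconds() > seconds:
            window.popleft()
        if len(window) >= hitcount and ip not in flagged:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    evs = parse_failures(SAMPLE_LOG)
    for ip, n in sorted(count_failures(evs).items()):
        print(f"{ip}: {n} failed password attempts")
    # Assumed policy: five failures within a minute is treated as a burst.
    for ip, when in find_bursts(evs, hitcount=5, seconds=60).items():
        print(f"burst from {ip} at {when:%H:%M:%S}")
```

The in-kernel counterpart is a pair of iptables rules on new SSH connections, one with `-m recent --set` to record the source and one with `-m recent --update --seconds 60 --hitcount 10 -j DROP` to refuse a source that has connected ten times in a minute; `MaxAuthTries` in sshd_config caps attempts per connection, and `AllowUsers` from the thread removes the unknown-user guesses from the picture entirely. Note that the window logic above counts failures per address, so a distributed guessing campaign from many addresses will each stay under the threshold; that is where disabling password authentication in favour of keys, as the thread's subject line suggests, does more than any rate limit.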
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug