| Rich Freeman on 12 Jun 2017 09:29:51 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] PI being targeted for malware |
On Mon, Jun 12, 2017 at 9:06 AM, JP Vossen <jp@jpsdomain.org> wrote: > > And there is a bot running that's trying to guess passwords for all kinds of > accounts. In the last 2-3 days I've seen many attempts on my non-standard > SSH port... Interesting that they're scanning non-standard ports, though I guess they can do that just once and then keep coming back. I suspect that 90% of my logs these days are ssh brute force attempts, though I haven't looked at them lately. I set up ssh to require a TOTP for logins using a password (no indication of reason for failure if either password or TOTP fails), so I don't bother to try to block these hosts. The only downside is that some ssh clients don't work with it, though most terminal-based ones do. The ones that tend to not work are things like scp implementations. I don't require TOTP when a key is used, it gives me the ability to still login using passwords when I'm not on a normally-used device while still being pretty secure from keylogging/etc. For those interested: https://github.com/google/google-authenticator-libpam (I really should do a lightning talk on this sometime. I imagine most distros have it packaged.) -- Rich ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug