Rich Freeman on 12 Jun 2017 09:29:51 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] PI being targeted for malware

On Mon, Jun 12, 2017 at 9:06 AM, JP Vossen <> wrote:
> And there is a bot running that's trying to guess passwords for all kinds of
> accounts.  In the last 2-3 days I've seen many attempts on my non-standard
> SSH port...

Interesting that they're scanning non-standard ports, though I guess
they can do that just once and then keep coming back.

I suspect that 90% of my logs these days are ssh brute force attempts,
though I haven't looked at them lately.  I set up ssh to require a
TOTP for logins using a password (no indication of reason for failure
if either password or TOTP fails), so I don't bother to try to block
these hosts.  The only downside is that some ssh clients don't work
with it, though most terminal-based ones do.  The ones that tend to
not work are things like scp implementations.  I don't require TOTP
when a key is used, it gives me the ability to still login using
passwords when I'm not on a normally-used device while still being
pretty secure from keylogging/etc.

For those interested:

(I really should do a lightning talk on this sometime.   I imagine
most distros have it packaged.)

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --