[WBEL-users] SSH Hack/Login attempts

A Streetcar Named desire@gmail.com
Mon, 9 Aug 2004 19:52:30 +0800


It seems (to me) to be unsafe to implement this to deal with random
probes, especially if the probes only attempt a few known combinations
of usernames and passwords (as long as you know those attempts won't
work on you, of course).  The danger being that you could potentially
be vulnerable to a DoS where someone denies new ssh connections to you
simply by maintaining XX concurrent unauthenticated ssh connections...


----- Original Message -----
From: vincent.raffensberger@dtn.com <vincent.raffensberger@dtn.com>
Date: Sun, 8 Aug 2004 12:30:26 -0500
Subject: Re: [WBEL-users] SSH Hack/Login attempts
To: whitebox-users@beau.org

 
Take a look at the 'AllowGroups' and 'MaxStartups' options in sshd_config. 
 
The AllowGroups is self-explanatory. 
 
Here's the manpage info on MaxStartups:
             Specifies the maximum number of concurrent unauthenticated
             connections to the sshd daemon.  Additional connections will be
             dropped until authentication succeeds or the LoginGraceTime
             expires for a connection.  The default is 10.

             Alternatively, random early drop can be enabled by specifying the
             three colon separated values ``start:rate:full'' (e.g.,
             "10:30:60").  sshd will refuse connection attempts with a
             probability of ``rate/100'' (30%) if there are currently ``start''
             (10) unauthenticated connections.  The probability increases
             linearly and all connection attempts are refused if the number of
             unauthenticated connections reaches ``full'' (60).
 
 
 
 
 "Jeff Maze" <maillists@crescentdigital.com> 
Sent by: whitebox-users-admin@beau.org
08/08/2004 08:39 AM
To: <whitebox-users@beau.org>
cc:
Subject: [WBEL-users] SSH Hack/Login attempts

Hello,

I was wondering if there's a way to block some user names/accounts
from attempting to be logged into via SSH.  Lately, over the last week or
so, I've seen a lot of login attempts via test, admin, and guest accounts.
I have the PermitRootLogin=No in the sshd_conf file but was wondering if I
add the above mentioned accounts, they won't even get a password prompt.

Thanks..

Oh yea, there aren't admin, test, nor guest accounts created on the machine
but they keep trying to use them to login.
 
 
 
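Added example (not part of the original thread and not OpenSSH's own code): a Python model of the refusal probability that the quoted manpage text describes, covering both the plain "N" form and the start:rate:full form of MaxStartups, so the lock-out condition raised in the first reply can be compared between the two. The function names are assumptions chosen for illustration.

```python
# Added example: models the MaxStartups behaviour described in the quoted
# manpage text. Function names are illustrative, not OpenSSH identifiers.

def parse_max_startups(value):
    """Return (start, rate, full) for 'N' or 'start:rate:full'."""
    parts = value.split(":")
    if len(parts) == 1:
        n = int(parts[0])
        if n < 1:
            raise ValueError("limit must be positive")
        # Plain form: nothing is refused below N, everything at N.
        return n, 100, n
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full")
    start, rate, full = (int(p) for p in parts)
    if not (1 <= start <= full and 1 <= rate <= 100):
        raise ValueError("need 1 <= start <= full and 1 <= rate <= 100")
    return start, rate, full


def refusal_probability(value, unauthenticated):
    """Probability that one new connection attempt is refused."""
    start, rate, full = parse_max_startups(value)
    if unauthenticated < start:
        return 0.0
    if unauthenticated >= full:
        return 1.0
    # Linear climb from rate% at 'start' to 100% at 'full'.
    percent = rate + (100 - rate) * (unauthenticated - start) / (full - start)
    return percent / 100


def chance_of_login(value, unauthenticated, attempts):
    """Chance that at least one of `attempts` retries is accepted, assuming
    the unauthenticated count stays constant between retries."""
    return 1 - refusal_probability(value, unauthenticated) ** attempts


if __name__ == "__main__":
    # Constructed comparison: the manpage default and its example setting.
    for setting in ("10", "10:30:60"):
        for held in (5, 10, 35, 60):
            print(f"MaxStartups {setting:<9} unauthenticated={held:<3}"
                  f" refuse={refusal_probability(setting, held):.2f}"
                  f" login_in_3_tries={chance_of_login(setting, held, 3):.3f}")
```

With the plain form every new connection is refused once 10 unauthenticated connections are open; with 10:30:60 a legitimate client that retries still gets through most of the time until the count reaches 60, and slots free up as LoginGraceTime expires.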