[WBEL-users] SSH Hack/Login attempts
A Streetcar Named
desire@gmail.com
Mon, 9 Aug 2004 19:52:30 +0800
It seems (to me) to be unsafe to implement this to deal with random
probes, especially if the probes only attempt a few known combinations
of usernames and passwords (as long as you know those attempts won't
work on you, of course). The danger being that you could potentially
be vulnerable to a DoS where someone denies new ssh connections to you
simply by maintaining XX concurrent unauthenticated ssh connections...
----- Original Message -----
From: vincent.raffensberger@dtn.com <vincent.raffensberger@dtn.com>
Date: Sun, 8 Aug 2004 12:30:26 -0500
Subject: Re: [WBEL-users] SSH Hack/Login attempts
To: whitebox-users@beau.org
Take a look at the 'AllowGroups' and 'MaxStartups' options in sshd_config.
The AllowGroups is self-explanatory.
Here's the manpage info on MaxStartups:
Specifies the maximum number of concurrent unauthenticated con-
nections to the sshd daemon. Additional connections will be
dropped until authentication succeeds or the LoginGraceTime
expires for a connection. The default is 10.
Alternatively, random early drop can be enabled by specifying the
three colon separated values ``start:rate:full'' (e.g.,
"10:30:60"). sshd will refuse connection attempts with a proba-
bility of ``rate/100'' (30%) if there are currently ``start''
(10) unauthenticated connections. The probability increases lin-
early and all connection attempts are refused if the number of
unauthenticated connections reaches ``full'' (60).
"Jeff Maze" <maillists@crescentdigital.com>
Sent by: whitebox-users-admin@beau.org
08/08/2004 08:39 AM
To <whitebox-users@beau.org>
cc
Subject [WBEL-users] SSH Hack/Login attempts
Hello,
I was wondering if there's a way to block some user
names/accounts
from attempting to be logged into via SSH. Lately, over the last week or
so, I've seen a lot of login attempts via test, admin, and guest accounts.
I have the PermitRootLogin=No in the sshd_conf file but was wondering if I
add the above mentioned accounts, they won't even get a password prompt.
Thanks..
Oh yea, there aren't admin, test, nor guest accounts created on the machine
but they keep trying to use them to login.
_______________________________________________
Whitebox-users mailing list
Whitebox-users@beau.org
http://beau.org/mailman/listinfo/whitebox-users