Re: shutting out dictionary attacks on ssh passwords

To: tech-net%netbsd.org@localhost
Subject: Re: shutting out dictionary attacks on ssh passwords
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Mon, 27 Jun 2011 16:49:50 -0400

On Mon, Jun 27, 2011 at 04:48:23PM -0400, Jan Schaumann wrote:
> "Erik E. Fair" <fair%netbsd.org@localhost> wrote:
> > For those of us with public IP addresses, what is the most popular
> > and effective way to shut out the various door-knob turners who
> > keep trying account/password combinations again ssh and other such
> > services?

Turning off PasswordAuthentication works well.  It used to be that in
fact you could turn off PasswordAuthentication, then let password
authentication complete via ChallengeResponseAuthentication.  I would
expect the bots have gotten smarter about this, but perhaps not.

Thor

Follow-Ups:
- Re: shutting out dictionary attacks on ssh passwords
  - From: Steven Bellovin

References:
- shutting out dictionary attacks on ssh passwords
  - From: Erik E. Fair
- Re: shutting out dictionary attacks on ssh passwords
  - From: Jan Schaumann

Prev by Date: Re: shutting out dictionary attacks on ssh passwords
Next by Date: Re: shutting out dictionary attacks on ssh passwords
Previous by Thread: Re: shutting out dictionary attacks on ssh passwords
Next by Thread: Re: shutting out dictionary attacks on ssh passwords
Indexes:

Home | Main Index | Thread Index | Old Index