Re: Idea to secure ssh

To: lists@michel-messerschmidt.de
Cc: debian-security@lists.debian.org
Subject: Re: Idea to secure ssh
From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
Date: Wed, 15 Mar 2006 14:30:45 +0100
Message-id: <[🔎] 87ek13ygvu.fsf@informatik.uni-tuebingen.de>
In-reply-to: <[🔎] 44959.195.124.114.37.1142323789.squirrel@webmail.artfiles.de> (Michel Messerschmidt's message of "Tue, 14 Mar 2006 09:09:49 +0100 (CET)")
References: <[🔎] 385d1e010603112350g5c11a3b1ha21ed67f5e6e7e63@mail.gmail.com> <[🔎] 200603131503.24264.neal.p.murphy@alum.wpi.edu> <[🔎] 20060314010709.GC15140@mathom.us> <[🔎] 200603132306.39126.neal.p.murphy@alum.wpi.edu> <[🔎] 44959.195.124.114.37.1142323789.squirrel@webmail.artfiles.de>

"Michel Messerschmidt" <lists@michel-messerschmidt.de> writes:

> Neal Murphy said:
>> The point is to obscure the ssh server from everyone, including those
> who
>> are authorized to access it remotely.
>
> You're right, this is just the old idea of "security by obscurity".

And quite pointless. Better install a fake sshd on every system that
would randomly allow in users and then drop them into nirvana without
doing much actual cpu intentsive auth. Give them so many false
positives that their scanning becomes utterly pointless. :)))

>> The point is to reduce brute-forace attacks to the point of nearly total
>> ineffectiveness. The point is to require a small amount of
>> pre-authentication before the server acknowledges the client's attempt
>> to connect.
>
> How small can any _reliable_ authentication protocol be?
> Either it's at risk by brute-force or by denial-of-service.

Except now, instead of just getting slow, the network and server just
drop UDP packets and overhear knocking on the door by valid users due
to the hailstorm of brute force knocks.

MfG
        Goswin

Reply to:

References:
- howto block ssh brute-force
  - From: "Felipe Figueiredo" <philsf@ufrj.br>
- Re: Idea to secure ssh [was: howto block ssh brute-force]
  - From: Neal Murphy <neal.p.murphy@alum.wpi.edu>
- Re: Idea to secure ssh [was: howto block ssh brute-force]
  - From: Michael Stone <mstone@debian.org>
- Re: Idea to secure ssh [was: howto block ssh brute-force]
  - From: Neal Murphy <neal.p.murphy@alum.wpi.edu>
- Re: Idea to secure ssh [was: howto block ssh brute-force]
  - From: "Michel Messerschmidt" <lists@michel-messerschmidt.de>

Prev by Date: unsubscribe
Next by Date: Re: Idea to secure ssh
Previous by thread: Re: Idea to secure ssh [was: howto block ssh brute-force]
Next by thread: Re: Idea to secure ssh [was: howto block ssh brute-force]
Index(es):
- Date
- Thread