Re: Idea to secure ssh
"Michel Messerschmidt" <email@example.com> writes:
> Neal Murphy said:
>> The point is to obscure the ssh server from everyone, including those
>> are authorized to access it remotely.
> You're right, this is just the old idea of "security by obscurity".
And quite pointless. Better install a fake sshd on every system that
would randomly allow in users and then drop them into nirvana without
doing much actual cpu intentsive auth. Give them so many false
positives that their scanning becomes utterly pointless. :)))
>> The point is to reduce brute-forace attacks to the point of nearly total
>> ineffectiveness. The point is to require a small amount of
>> pre-authentication before the server acknowledges the client's attempt
>> to connect.
> How small can any _reliable_ authentication protocol be?
> Either it's at risk by brute-force or by denial-of-service.
Except now, instead of just getting slow, the network and server just
drop UDP packets and overhear knocking on the door by valid users due
to the hailstorm of brute force knocks.