
Re: Blocking ssh



Thank you. I see what you were driving at. This turns out not to be
the case with the version of ssh I am using. Whether it is rejected,
denied, whatever, it still asks for the password several times. I
just verified that before replying. And, it gives the same message
both times. I did not realize other sshd's did it differently.

Again, thanks for pointing that out.

Rod


> On Wed, 15-06-2005 at 01:50 -0500, Rod Rodolico wrote:
>> They never found a valid account. I just saw them trying hard, and
>> was afraid they would actually find one that had shell access.
>> Actually, I don't remember them finding a real account of anyone on
>> the box (though I didn't do a point by point comparison). This was
>> more a preventive, just in case they did.
>>
>> If I'm not understanding what you mean, please let me know. I doubt
>> this will be the last time I have to do this.
>>
>
> Well. If I try to enter your host, and I am rejected after sending a
> username "A", and before authenticating, I will know that I cannot log
> in your server with username "A" (it's forbidden). If I found that, with
> username "B", I'm not rejected until after authentication, I will know
> that "B" is a valid username, and I'll try with the same "B" user, but
> with different passwords.
>
> If the system behaves the same way for invalid and valid user names, the
> bad guys won't be able to know which usernames are valid, so your
> security is stronger.
>
>
>
>> Rod
>>
>> > From a security point of view that is actually a bad idea, as the
>> > people trying to connect will now immediately know if they have found
>> > a valid account and can then work on finding the password for that
>> > account.
>> >
>> > R. W. Rodolico wrote:
>> >
>> >>No, just the fact that they did not get in. Example:
>> >>
>> >>Jun 13 08:30:38 stargazer sshd[11700]: Failed password for illegal user testuser from ::ffff:69.0.78.35 port 50494 ssh2
>> >>Jun 13 08:30:42 stargazer sshd[11702]: Illegal user testuser from ::ffff:69.0.78.35
>> >>
>> >>Rod
>> >>
>> >>
>> >>P.S. I did change the port, but they found it again. However, I have
>> >>set up ssh now where it rejects all but two accounts even before
>> >>attempting to authenticate.
>> >>
>> >>RWR
>> >>
>> >>
>> >>
>> >>>Ciao,
>> >>>
>> >>>I noticed that *BSD log in the syslog the attempted password
>> >>>too...is there
>> >>>a way to do the same on linux too ?
>> >>>
>> >>>--
>> >>>
>> >>>Bye Enrico - Windows gives you just a little piece of the horizon.
>> >>>Use Linux.
>> >>>
>> >>>   e vederai color che son contenti
>> >>> nel foco, perche speran di venire
>> >>> quando che sia a le beate genti.
>> >>>        -- Inferno, Canto I, vv.118-120
>> >>>
>> >>>
>> >>>--
>> >>>To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
>> >>>with a subject of "unsubscribe". Trouble? Contact
>> >>>listmaster@lists.debian.org
>> >>>
>> >>>
>> >>>
>> >>>
>> >>
>> >>
>> >>
>> >>
>> >
>> >
>>
>>
>> --
>> What is the use of a house if you haven't a tolerable planet to put
>> it on?
>>    Thoreau
>>
>>
>
>
>
>


-- 
What is the use of a house if you haven't a tolerable planet to put
it on?
   Thoreau
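
Added example, not part of the original message: the sshd log lines quoted in this thread record whether a guessed account exists ("illegal user") even when the client sees identical prompts, so the log can show which sources are guessing names and which are hitting real accounts. The sample lines, host name, user names and the min_failures threshold are constructed for illustration; the "invalid user" wording of later OpenSSH versions is also accepted.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format quoted in the thread (documentation
# address ranges; host and user names are made up).
SAMPLE_LOG = """\
Jun 13 08:30:38 host1 sshd[11700]: Failed password for illegal user testuser from ::ffff:192.0.2.10 port 50494 ssh2
Jun 13 08:30:42 host1 sshd[11702]: Illegal user testuser from ::ffff:192.0.2.10
Jun 13 08:30:45 host1 sshd[11704]: Failed password for illegal user admin from ::ffff:192.0.2.10 port 50501 ssh2
Jun 13 08:30:51 host1 sshd[11709]: Failed password for rod from ::ffff:192.0.2.10 port 50510 ssh2
Jun 13 08:30:55 host1 sshd[11711]: Failed password for rod from ::ffff:192.0.2.10 port 50512 ssh2
Jun 13 09:12:03 host1 sshd[11850]: Failed password for rod from ::ffff:198.51.100.7 port 40022 ssh2
Jun 13 09:12:10 host1 sshd[11850]: Accepted password for rod from ::ffff:198.51.100.7 port 40022 ssh2
"""

# "illegal user" / "invalid user" marks a name with no account on the box;
# the optional ::ffff: prefix is the IPv4-mapped IPv6 form seen in the thread.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<bad>(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?:::ffff:)?(?P<addr>\S+) port \d+")

def summarize(log_text):
    """Per source address: failure count and names tried, split by account existence."""
    stats = defaultdict(lambda: {"unknown": set(), "existing": set(), "failures": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # "Illegal user ..." companion lines and accepted logins
        entry = stats[m.group("addr")]
        entry["failures"] += 1
        entry["unknown" if m.group("bad") else "existing"].add(m.group("user"))
    return dict(stats)

def guessing_sources(log_text, min_failures=3):
    """Addresses with min_failures or more failures spread over two or more names."""
    return sorted(
        addr for addr, s in summarize(log_text).items()
        if s["failures"] >= min_failures and len(s["unknown"] | s["existing"]) >= 2)

if __name__ == "__main__":
    for addr, s in summarize(SAMPLE_LOG).items():
        print(addr, s["failures"], sorted(s["unknown"]), sorted(s["existing"]))
    print("guessing:", guessing_sources(SAMPLE_LOG))
```
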


