Re: Blocking ssh

To: stargazer@dailydata.net
Cc: debian-isp@lists.debian.org
Subject: Re: Blocking ssh
From: Administrador DyR <systemlogs@dyr.es>
Date: Wed, 15 Jun 2005 10:19:18 +0200
Message-id: <[🔎] 1118823558.2484.5.camel@sierra>
In-reply-to: <[🔎] 11170.209.30.158.92.1118818210.squirrel@client.dailydata.net>
References: <[🔎] 55900.209.30.158.92.1118642635.squirrel@client.dailydata.net> <[🔎] 42AD6764.5030001@linux.it> <[🔎] 20050613204022.GA11888@bestkevin.com> <[🔎] 28333.64.216.13.198.1118773418.squirrel@client.dailydata.net> <[🔎] 42AFBBEB.20606@snorks.dyndns.org> <[🔎] 11170.209.30.158.92.1118818210.squirrel@client.dailydata.net>

El mié, 15-06-2005 a las 01:50 -0500, Rod Rodolico escribió:
> They never found a valid account. I just saw them trying hard, and
> was afraid they would actually find one that had shell access.
> Actually, I don't remember them finding a real account of anyone on
> the box (though I didn't do a point by point comparison). This was
> more a preventive, just in case they did.
> 
> If I'm not understanding what you mean, please let me know. I doubt
> this will be the last time I have to do this.
> 

Well. If I try to enter your host, and I am rejected after sending a
username "A", and before authenticating, I will know that I cannot log
in your server with username "A" (it's forbidden). If I found that, with
username "B", I'm not rejected until after authentication, I will know
that "B" is a valid username, and I'll try with the same "B" user, but
with different passwords.

If the system behaves the same way for invalid and valid user names, the
bad guys won't be able to know which usernames are valid, so your
security is stronger.



> Rod
> 
> > From a security point of veiw that is actually a bad idea, as the
> > people
> > trying to connect will now immediatly know if the have found a valid
> > account and can then work on finding the password for that account.
> >
> > R. W. Rodolico wrote:
> >
> >>No, just the fact that they did not get in. Example:
> >>
> >>Jun 13 08:30:38 stargazer sshd[11700]: Failed password for illegal
> >>user testuser from ::ffff:69.0.78.35 port 50494 ssh2
> >>Jun 13 08:30:42 stargazer sshd[11702]: Illegal user testuser from
> >>::ffff:69.0.78.35
> >>
> >>Rod
> >>
> >>
> >>P.S. I did change the port, but they found it again. However, I
> >> have
> >> set up ssh now where it rejects all but two accounts even before
> >>attempting to authenticate.
> >>
> >>RWR
> >>
> >>
> >>
> >>>Ciao,
> >>>
> >>>I noticed that *BSD log in the syslog the attempted password
> >>>too...is there
> >>>a way to do the same on linux too ?
> >>>
> >>>--
> >>>
> >>>Bye Enrico - Windows gives you just a little piece of the horizon.
> >>>Use Linux.
> >>>
> >>>   e vederai color che son contenti
> >>> nel foco, perche speran di venire
> >>> quando che sia a le beate genti.
> >>>        -- Inferno, Canto I, vv.118-120
> >>>
> >>>
> >>>--
> >>>To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
> >>>with a subject of "unsubscribe". Trouble? Contact
> >>>listmaster@lists.debian.org
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >>
> >
> >
> 
> 
> -- 
> What is the use of a house if you haven't a tolerable planet to put
> it on?
>    Thoreau
> 
>

Reply to:

Follow-Ups:
- Re: Blocking ssh
  - From: Phil Dyer <phil@dyermaker.org>
- Re: Blocking ssh
  - From: "Rod Rodolico" <stargazer@dailydata.net>

References:
- Blocking ssh
  - From: "R. W. Rodolico" <stargazer@dailydata.net>
- Re: Blocking ssh
  - From: Gaetano Zappulla <gaetano@linux.it>
- Re: Blocking ssh
  - From: Cherubini Enrico <kevin@bestkevin.com>
- Re: Blocking ssh
  - From: "R. W. Rodolico" <stargazer@dailydata.net>
- Re: Blocking ssh
  - From: Dave Watkins <debianisp@snorks.dyndns.org>
- Re: Blocking ssh
  - From: "Rod Rodolico" <stargazer@dailydata.net>

Prev by Date: Re: Blocking ssh
Next by Date: CACert.org Certificate and libapache-mod-ssl
Previous by thread: Re: Blocking ssh
Next by thread: Re: Blocking ssh
Index(es):
- Date
- Thread