Re: shutting out dictionary attacks on ssh passwords

To: Steven Bellovin <smb%cs.columbia.edu@localhost>
Subject: Re: shutting out dictionary attacks on ssh passwords
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Mon, 27 Jun 2011 17:22:36 -0400

On Mon, Jun 27, 2011 at 04:55:12PM -0400, Steven Bellovin wrote:
> 
> On Jun 27, 2011, at 4:49 50PM, Thor Lancelot Simon wrote:
> 
> > On Mon, Jun 27, 2011 at 04:48:23PM -0400, Jan Schaumann wrote:
> >> "Erik E. Fair" <fair%netbsd.org@localhost> wrote:
> >>> For those of us with public IP addresses, what is the most popular
> >>> and effective way to shut out the various door-knob turners who
> >>> keep trying account/password combinations again ssh and other such
> >>> services?
> > 
> > Turning off PasswordAuthentication works well.
> 
> You have to turn off PAM for sshd as well...

If the bots know how to do ChallengeResponseAuthentication by now,
then yes, you do.

Thor

References:
- shutting out dictionary attacks on ssh passwords
  - From: Erik E. Fair
- Re: shutting out dictionary attacks on ssh passwords
  - From: Jan Schaumann
- Re: shutting out dictionary attacks on ssh passwords
  - From: Thor Lancelot Simon
- Re: shutting out dictionary attacks on ssh passwords
  - From: Steven Bellovin

Prev by Date: Re: shutting out dictionary attacks on ssh passwords
Next by Date: Re: shutting out dictionary attacks on ssh passwords
Previous by Thread: Re: shutting out dictionary attacks on ssh passwords
Next by Thread: Re: shutting out dictionary attacks on ssh passwords
Indexes:

Home | Main Index | Thread Index | Old Index