mailing list archives
Re: Strengthen OpenSSH security?
From: MaddHatter <maddhatt+bugtraq () cat pdx edu>
Date: Wed, 19 Apr 2006 21:33:38 -0700
Brett Glass <brett () lariat org> said (on 2006/04/17):
To: bugtraq () securityfocus com
From: Brett Glass <brett () lariat org>
Subject: Strengthen OpenSSH security?
It seems to me that sshd should not tip its hand by returning
different responses ...
I agree. I also wish OpenSSH would implement the same security measures
already available in other SSH servers and authentication products --
a dynamic black list. The idea is simple, but effective: connections
from IP addresses that have failed to authenticate X times in the last
Y minutes are refused for Z minutes. For adequate values of Y and Z,
brute force attacks quickly lose feasibility.