mailing list archives
Re: targetted SSH bruteforce attacks
From: John Jacobs <flamdugen () hotmail com>
Date: Thu, 17 Jun 2010 15:58:33 -0500
Of course it's wise to disable password authentication and just use
public key authentication.
Why? Ssh is encrypted, so you're not exposing a password when you login. How
does public key authentication make you more secure (in a practical sense)?
Paul, it's more secure in that brute force attacks are mitigated because the private key is required by the client and
the public key must appear in ~/.ssh/authorized_keys. Disabling password authentication means a weak password on an
account cannot be compromised by brute force or other discovery efforts. A password on the private key provides even
greater defense-in-depth security.
Disable password authentication and enforce key-pair authentication and targeted brute-force attacking becomes moot
very quickly. Moving SSHd from TCP 22 also keeps the script-kiddies and automated scanners away.
After doing these two basic things then it's time to focus on fail2ban, denyhosts, and the other firewall integrating
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: targetted SSH bruteforce attacks Xin LI (Jun 17)
Re: targetted SSH bruteforce attacks Mr. MailingLists (Jun 17)
Re: targetted SSH bruteforce attacks Mark Byrne (Jun 17)
- Re: targetted SSH bruteforce attacks, (continued)