Jiann-Ming Su <sujiannming@xxxxxxxxx> writes:

> Even harder, if there's a password on that key.

Not that it really matters when we are talking about numbers so insanely large, but just for completeness and 'cause I think ssh is an interesting and useful program...

The password on the key only protects the private-key from being casually read by someone with access to the computer. The private-key-exchange that ssh puts on the wire (e.g. on the 'net) has already had the password stripped from it. All that is used is the raw 1024-bit key.

As an aside, the password on the file really only prevents a casual observer from learning the private-key. An attacker that has managed to grab the password-protected private-key file (by having broken into the system that has the private key file) can attack the password by dictionary and guessing attacks. This password protection is no stronger than it would have been had we used the same password as a unix-type password login. In fact, since they have the file on their own computer(s) they can subject it to much faster, more intensive guessing attacks.

My feeling is that you can't ever really be sure that a private-key file hasn't been compromised. It is best to generate a fresh private-key public key pair every once in a while (say 3-12 mos.). One can even keep the same password protecting the file; the important thing is that the underlying 1024-bit key is changed.

> The other part of this discussion, I thought, was the DoS-ability of
> these ssh attacks. That is, do these ssh attacks prevent legitimate
> users from accessing regardless of the authentication mechanism
> configured for sshd?

The DOS aspect is a problem. The initial key public-key exchange is very CPU intensive. Someone banging on a box with password guessing attacks will chew up quite a bit of CPU and life on the box won't be very pleasant.

What I did here for a while was run what amounts to a simple shell script that grabbed the IPs of the attacking machines and stuffed them into an IP-level filter against all traffic from that machine. This still allowed the attacker to have 5-10 seconds of fun, but life got really boring for them after that.

-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
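
The log-scraping step described in the message above, as an added example that is not part of the original post and is not the author's script. It assumes OpenSSH-style `Failed password ... from IP port N ssh2` log lines and IPv4 only; the function names `sample_log` and `offenders`, the threshold, and the sample lines are constructed for illustration. The post does not name the packet filter, so the sketch only prints the addresses to block.

```shell
#!/bin/sh
# Constructed sample log (documentation-range addresses, not real hosts).
sample_log() {
cat <<'EOF'
Oct  3 04:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct  3 04:12:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40115 ssh2
Oct  3 04:12:04 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Oct  3 04:12:09 host sshd[2110]: Accepted publickey for alice from 198.51.100.20 port 51822 ssh2
Oct  3 04:13:30 host sshd[2140]: Failed password for alice from 198.51.100.20 port 51900 ssh2
Oct  3 04:14:02 host sshd[2150]: Failed password for invalid user root from 192.0.2.9 from 203.0.113.7 port 40200 ssh2
EOF
}

# usage: offenders THRESHOLD [ALLOWLISTED_IP...] < logfile
# Prints, sorted, each source address with at least THRESHOLD failed logins.
offenders() {
    threshold=$1; shift
    awk -v threshold="$threshold" -v allow=" $* " '
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the remote side and may itself
            # contain "from <ip>" (last sample line). Take the address from
            # the fixed tail "from IP port N ssh2", counted from the end, so
            # a crafted name cannot get a third party filtered.
            if ($(NF-4) != "from" || $(NF-2) != "port") next
            ip = $(NF-3)
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            # Never list allowlisted hosts (e.g. your own admin machine).
            if (index(allow, " " ip " ")) next
            count[ip]++
        }
        END { for (ip in count) if (count[ip] >= threshold) print ip }
    ' | sort
}

# Stand-alone run: addresses with 3 or more failures in the sample.
sample_log | offenders 3
```

Each printed address would then be handed to whatever IP-level filter the host uses; allowlisting known administrative addresses keeps a typo-prone legitimate user from locking themselves out.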