Re: ssh security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: ssh security
From: Florin Andrei <florin@xxxxxxxxxxxxxxx>
Date: Wed, 04 Jan 2006 11:03:38 -0800
In-reply-to: <1136335623.3279.220.camel@xxxxxxxxxxxxx>
References: <c80517ed0512252124s2d061627m771c58e42eaf8807@xxxxxxxxxxxxxx> <200512261848.05336.lists@xxxxxxxxxxxx> <c80517ed0512261656y63dda19dl1cda0dd273132258@xxxxxxxxxxxxxx> <43B09C03.9050401@xxxxxxxxx> <279901c60a88$d0ae1f20$1225a8c0@kittycat> <1135864941.3279.6.camel@xxxxxxxxxxxxx> <20060103134431.GC5616@xxxxxxxxxxxxxxxxxxx> <1136305607.4430.25.camel@xxxxxxxxxxxxxxxxxxx> <1136335623.3279.220.camel@xxxxxxxxxxxxx>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

On Tue, 2006-01-03 at 18:47 -0600, Jeff Vian wrote:

> I acknowledge the flaws, but it is better than leaving ssh open for
> repeated attempts by the script kiddies.

It is not the only solution to the brute force SSH attacks, it's a
solution with major flaws, and there are other solutions without
significant flaws.

Moving the SSH port number plus an iptables-based rate limiter should be
just as effective without the drawback of revealing account names.

Seriously, it's a basic computer security law. The external behavior of
the system should not depend in any way on the account name being
probed.

-- 
Florin Andrei

http://florin.myip.org/

Follow-Ups:
- Re: ssh security
  - From: Wolfgang S. Rupprecht

References:
- Re: ssh security
  - From: James Wilkinson
- Re: ssh security
  - From: Michael H. Warfield
- Re: ssh security
  - From: Jeff Vian

Prev by Date: Re: livna NVIDIA drivers - packaging problem?
Next by Date: Re: Updating FC2 with FC4 kernel sources
Previous by thread: Re: ssh security
Next by thread: Re: ssh security
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]