SSH hacked?
Karl Larsen
klarsen1 at gmail.com
Tue Jan 13 22:13:13 UTC 2009
Res wrote:
> On Tue, 13 Jan 2009, Kent Borg wrote:
>
>
>> My first suggestion for keeping ssh secure was to have long, quality
>> passwords that are not recycled. Judging from the fact that I am the
>>
>
> Fully agree
>
>
>> Conclusion: Moving sshd to a different port is a distraction from real
>> issues of security.
>>
>
> Agreed
>
>
>
>> you don't recycle on different systems), a maintained system is NOT
>> vulnerable to a brute force attack. Repeat, it is NOT vulnerable to a
>>
>
> Disagree, given time, anything is possible.
>
>
>> Instead of wasting your time hiding your sshd where any port scan will
>> find it, ask yourself the above question, honestly answer it, and act on
>> the answer.
>>
>
> Leave it on 22, have quality passwords and iptables accept rules for only
> authorised IP's, and yes thats still a risk, becuase you dont know if an
> auth'd IP box was taken or not, there is no substitute for long and
> complicated passwords (lengthy mixed upper and lowercase with numbers)
> most systems these days allow for at least 16 chars in a password, most a
> hell of a lot more.
>
>
>> sudo iptables -A INPUT -i _eth0_ -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
>> sudo iptables -A INPUT -i _eth0_ -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
>>
>
> I agree with this, however I use 4 hitcounts :)
>
>
>
I am ssh to my big 8.04 home computer from my 8.10 laptop. It is
through 2 routers and works fine.
Tested and the ssh demon seems to have a drop out point after 3
wrong passwords. So it appears that a person trying to gain access has
to reconnect after each three tries. This should slow down the breaking
in :-)
Karl
More information about the ubuntu-users
mailing list