break-in attempt in my machine
Chris Green
cl at isbd.net
Sat Sep 3 13:39:39 UTC 2016
On Sat, Sep 03, 2016 at 02:04:59PM +0100, Chris Green wrote:
> On Sat, Sep 03, 2016 at 08:13:20PM +1000, Karl Auer wrote:
> > On Sat, 2016-09-03 at 10:13 +0100, Chris Green wrote:
> > > Yes, but it's 'remote' access in the sense I was meaning, you can't
> > > brute force a password via an ssh login. By that I mean you can't
> > > brute force a password at the ssh login prompt.
> >
> > Of course you can. It's just a question of bandwidth, and a login
> > attempt doesn't take much.
> >
> > If your system doesn't resist it, I can just make ten thousand
> > simultaneous connections to you; each attempt takes a few seconds to
>
> I doubt it, apart from anything else my bandwidth won't sustain it.
> Also there will be a limit on the number of connections open.
>
> Not to mention that ssh has both MaxStartups and MaxSessions
> parameters which will limit you typically to a few tens of sessions.
>
The default for MaxStartups is 10:30:100 which means that after ten
simultaneous unauthenticated connections you start getting a slow down
and/or connections are dropped.
The default for MaxSessions is also 10.
So, basically, you aren't going to get more than 10 ssh login sessions
at once.
--
Chris Green
More information about the ubuntu-users
mailing list