On Sun, Sep 18, 2005 at 01:40:04PM +0000, Oleg Goldshmidt wrote:

> So far I have been ignoring these (but I do read the logs). Am I too
> naive?

Yes. I used to think that ssh was immune to these attacks, but I was
wrong. I accidentally left open a userid I created for the guy that provides
me email and it has a very recognizable password. I found out the hard
way because someone tried his userid and a list of passwords on my
machine, got in and installed a root kit.

I stopped it while it was still installing and lost a lot of files that
should have been backed up but were not (I downloaded them, but the
download disappeared when I went to get them again).

> I figure that these entries are from blind and stupid attempts to
> guess username/password combination manually or automatically. Aviram,
> if you (or anyone else) have a different interpretation, I'd like to
> hear.

That's it. But if I were you, I would run John the Ripper on your password
and shadow files to make sure you have not done something accidentally.

> Therefore, I would not want to block every address from which a
> connection is attempted. I may mistype username/password myself, after
> all, and I don't want access blocked because of that. I also don't
> know in advance where I will try to connect next time (a coffee shop?
> a friend's place? an airport?). So if you do write a blocking script
> like Aviram suggests, I would block an address after a number of
> attempts only, and only if it clearly uses bogus usernames.

I thought I had that covered. I've downloaded a copy of putty and my
DSA keys to a USB dongle. I set up my ssh server to only accept keys
not usernames and passwords. My assumption was that it was just too 
hard for anyone to bother to try and crack a 1024 bit DSA key as
opposed to a 64 bit (or less) password.

I actually went out of the house last week for the day and took my keys
with me. Unfortunately, it turned out that the place I was at had ssh
version 1 installed (no DSA key support) and I could not install
OpenSSH nor access a Windows machine. I also did not bring my
laptop which runs a version of BSD on it and has OpenSSH.

Geoff.

-- 
Geoffrey S. Mendelson, Jerusalem, Israel [EMAIL PROTECTED]  N3OWJ/4X1GM
IL Voice: (077)-424-1667  IL Fax: 972-2-648-1443 U.S. Voice: 1-215-821-1838 
Support the growing boycott of Google by radio users and hobbyists.
It's starting to work, Yahoo has surpassed Google.
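
Added example, not part of the original message: a sketch of the blocking rule proposed in the quoted text (act on an address only after several attempts, and only when the usernames are bogus), with repeated failures against a real account reported separately for review. The log lines are constructed in the style of sshd "Failed password" messages; the host name, account names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# The username is text supplied by the remote side, so the source address is
# taken from the fixed tail of the line ("from ADDR port N ssh2"), never from
# the first "from" that appears. Group 1 is set when sshd reports no such account.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user |illegal user )?"
    r"(.+) from (\S+) port \d+ ssh2$"
)

def classify(log_lines, threshold=3):
    """Return (block, review) sets of source addresses.

    block:  at least `threshold` failures against nonexistent usernames.
    review: at least `threshold` failures against real accounts only; this
            can be a mistyped password or a password list run against one
            known userid, so it is left for a human to decide.
    """
    bogus = defaultdict(int)
    real = defaultdict(int)
    for line in log_lines:
        m = FAILED.search(line)
        if not m:
            continue
        unknown_account, _user, addr = m.groups()
        (bogus if unknown_account else real)[addr] += 1
    block = {a for a, n in bogus.items() if n >= threshold}
    review = {a for a, n in real.items() if n >= threshold} - block
    return block, review

# Constructed sample log (documentation addresses, hypothetical names).
SAMPLE_LOG = """\
Sep 18 03:12:01 myhost sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Sep 18 03:12:04 myhost sshd[2213]: Failed password for invalid user test from 192.0.2.10 port 40113 ssh2
Sep 18 03:12:07 myhost sshd[2215]: Failed password for invalid user guest from 192.0.2.10 port 40115 ssh2
Sep 18 09:30:44 myhost sshd[2301]: Failed password for alice from 198.51.100.7 port 51200 ssh2
Sep 18 09:30:52 myhost sshd[2301]: Accepted password for alice from 198.51.100.7 port 51200 ssh2
Sep 18 11:02:10 myhost sshd[2340]: Failed password for mailuser from 203.0.113.44 port 33001 ssh2
Sep 18 11:02:13 myhost sshd[2342]: Failed password for mailuser from 203.0.113.44 port 33002 ssh2
Sep 18 11:02:16 myhost sshd[2344]: Failed password for mailuser from 203.0.113.44 port 33003 ssh2
Sep 18 12:45:00 myhost sshd[2390]: Failed password for invalid user foo from 198.51.100.99 port 45000 ssh2
""".splitlines()

if __name__ == "__main__":
    block, review = classify(SAMPLE_LOG)
    print("block:", sorted(block))
    print("review:", sorted(review))
```

The single mistyped password from 198.51.100.7 stays below the threshold, while the three failures against the real account `mailuser` land in the review set rather than being ignored.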
