2009/6/23 Wojciech Puchar <woj...@wojtek.tensor.gdynia.pl>:
>> If for some reason you would prefer to use password authentication, I
>> would recommend that you look into automatic brute force detection.
>> There are a number of utilities in ports available for this purpose,
>> including security/sshguard and security/denyhosts.
>
> good, but not really important with properly chosen password.
> You can't do more than maybe 10 attempts/second this way, while cracking 10
> character password consisting of just small letters and digits needs
>
> 36^10=3656158440062976 possible passwords, and over 11 million years to check
> all possibilities, so say 100000 years if someone is really lucky and will
> get it after checking 1% possible password.
>
> Of course - you must not look at logs in 100000 years and not see this 10
> attempts per second.
>
>
>
> I give this example against common paranoia that exists on that group - mix
> of real "security paranoid" persons and pseudo-experts that like to repeat
> "intelligent" phrases to show up themselves.
>
> Actually - there is no need for extra protection for ssh, but for humans.
>
> 99% of crack attempts are done by "kevin mitnick" methods, not password
> cracking.

You're right about the probability of password breaking, but
personally I installed denyhosts just because I got sick of this:

Aug 22 00:46:21 amnesiac sshd[63107]: error: PAM: authentication error for illegal user adrian from adsl-76-193-128-193.dsl.scrm01.sbcglobal.net
Aug 22 00:46:21 amnesiac sshd[63107]: Failed keyboard-interactive/pam for invalid user adrian from 76.193.128.193 port 2901 ssh2
Aug 22 00:46:23 amnesiac sshd[63110]: error: PAM: authentication error for illegal user agfa from adsl-76-193-128-193.dsl.scrm01.sbcglobal.net
Aug 22 00:46:23 amnesiac sshd[63110]: Failed keyboard-interactive/pam for invalid user agfa from 76.193.128.193 port 3165 ssh2
Aug 22 00:46:26 amnesiac sshd[63113]: error: PAM: authentication error for illegal user agneta from adsl-76-193-128-193.dsl.scrm01.sbcglobal.net
Aug 22 00:46:26 amnesiac sshd[63113]: Failed keyboard-interactive/pam for invalid user agneta from 76.193.128.193 port 3338 ssh2
Aug 22 00:46:29 amnesiac sshd[63116]: error: PAM: authentication error for illegal user ahren from adsl-76-193-128-193.dsl.scrm01.sbcglobal.net
Aug 22 00:46:29 amnesiac sshd[63116]: Failed keyboard-interactive/pam for invalid user ahren from 76.193.128.193 port 3499 ssh2

10,000 lines of this in _every_ security digest I get off my server.
No I haven't changed any IP addresses, either.

Now I get:

Added the following hosts to /etc/hosts.evil:
89.232.63.160
87.117.236.15

Much easier to read...

Chris

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in a mailing list?
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
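
Added example, not part of the original message and not the code of denyhosts or sshguard: a small sliding-window detector that collapses sshd failure lines like the ones quoted above into one summary entry per source address. The sample log, the addresses (documentation ranges), the threshold, the window and the year are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same format as the log lines in the message.
SAMPLE_LOG = """\
Aug 22 00:46:21 host sshd[101]: error: PAM: authentication error for illegal user adrian from 203.0.113.7
Aug 22 00:46:21 host sshd[101]: Failed keyboard-interactive/pam for invalid user adrian from 203.0.113.7 port 2901 ssh2
Aug 22 00:46:23 host sshd[102]: Failed keyboard-interactive/pam for invalid user agfa from 203.0.113.7 port 3165 ssh2
Aug 22 00:46:26 host sshd[103]: Failed keyboard-interactive/pam for invalid user agneta from 203.0.113.7 port 3338 ssh2
Aug 22 00:46:29 host sshd[104]: Failed keyboard-interactive/pam for invalid user ahren from 203.0.113.7 port 3499 ssh2
Aug 22 09:00:05 host sshd[201]: Failed password for chris from 198.51.100.20 port 5001 ssh2
Aug 22 09:10:40 host sshd[202]: Failed password for chris from 198.51.100.20 port 5002 ssh2
Aug 22 09:10:52 host sshd[203]: Accepted password for chris from 198.51.100.20 port 5003 ssh2
"""

# Only the "Failed ..." line is counted; the paired "error: PAM" line
# describes the same attempt and would double the totals.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def summarize(log_text, threshold=3, window=timedelta(minutes=1), year=2009):
    """Return {ip: {"attempts", "users", "flagged"}} for failed sshd logins."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events[m.group(3)].append((ts, m.group(2)))
    report = {}
    for ip, hits in events.items():
        hits.sort()
        times = [t for t, _ in hits]
        # Flag when any `threshold` consecutive failures fall inside `window`.
        flagged = any(times[i + threshold - 1] - times[i] <= window
                      for i in range(len(times) - threshold + 1))
        report[ip] = {"attempts": len(hits),
                      "users": sorted({u for _, u in hits}),
                      "flagged": flagged}
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info["attempts"], "failures", "BLOCK" if info["flagged"] else "ok")
```

The two widely spaced failures from the second address stay below the threshold, so a user who mistypes a password is not flagged.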
