[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] targetted SSH bruteforce attacks
- To: <pschmehl_lists@xxxxxxxxx>
- Subject: Re: [Full-disclosure] targetted SSH bruteforce attacks
- From: John Jacobs <flamdugen@xxxxxxxxxxx>
- Date: Thu, 17 Jun 2010 15:58:33 -0500
> > Of course it's wise to disable password authentication and just use
> > public key authentication.
>
> Why? Ssh is encrypted, so you're not exposing a password when you login.
> How
> does public key authentication make you more secure (in a practical sense)?
>
Paul, it's more secure in that brute force attacks are mitigated because the
private key is required by the client and the public key must appear in
~/.ssh/authorized_keys. Disabling password authentication means a weak
password on an account cannot be compromised by brute force or other discovery
efforts. A password on the private key provides even greater defense-in-depth
security.
Disable password authentication and enforce key-pair authentication and
targeted brute-force attacking becomes moot very quickly. Moving SSHd from TCP
22 also keeps the script-kiddies and automated scanners away.
After doing these two basic things then it's time to focus on fail2ban,
denyhosts, and the other firewall integrating solutions.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/