[mythtv-users] Semi-OT: Blocking Brute Force SSH attacks

Deyan mythtv at bektchiev.net
Fri Oct 19 17:19:04 UTC 2007


On 10/19/07, Yan Seiner <yan at seiner.com> wrote:
>
> Jay R. Ashworth wrote:
> > If you've tunneled SSH traffic through to your Mythbox, you're likely
> > the target of brute-force SSH attacks, some of which might well work.
> >
> > The most elegant solution I've found so far is here:
> >
> >       http://www.la-samhna.de/library/brutessh.html#5
> >
> > This won't block attacks that "know" about a specific bug in your sshd,
> > so you need to stay updated, but for the dictionary attacks it will
> > work nicely, and it'll sure keep your logs from growing without
> > bounds...
>
> You can also do this with iptables.  There is also a setting in sshd
> itself that allows only so many connections / unit time.
>
> But none of this will help you if you are the subject of a concerted,
> persistent, distributed attack - only picking a really good password,
> not allowing root ssh access, and monitoring logs will keep you safe....


If you really want to prevent dictionary attacks, you should disable password
login altogether, only allow login using public key authentication, and
password-protect your private keys.

This way someone needs to get hold of your key and guess the password. And
if you regularly change the keys then this is even more secure...

An even more secure technique is to use port knocking
(http://www.portknocking.org/) combined with the above, but I'm not that
paranoid yet.

Deyan
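As an added example that is not part of the mailing-list post, the script below audits an sshd_config for the key-only login the reply describes. It checks the OpenSSH directives PasswordAuthentication, PubkeyAuthentication, PermitRootLogin and ChallengeResponseAuthentication (the last one matters because on PAM-based systems keyboard-interactive authentication still accepts passwords when it is left enabled). The two sample config files are constructed here, and the fallback defaults encoded in the script are an assumption based on stock OpenSSH behaviour of the period (password and root login allowed unless turned off); check them against your own sshd version.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the dictionary-attack mitigations
# discussed in the thread. Sample configs below are constructed, not real.

# Print the effective (lower-cased) value of a directive, or nothing if the
# directive is not set. sshd uses the FIRST uncommented occurrence of a
# keyword, so we stop at the first match. Match blocks are not handled.
sshd_directive() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        NF >= 2 && tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# check FILE DIRECTIVE WANTED DEFAULT
# DEFAULT is what sshd assumes when the directive is absent (assumption:
# classic OpenSSH defaults). Sets audit_failed=1 on a mismatch.
check() {
    actual=$(sshd_directive "$1" "$2")
    [ -z "$actual" ] && actual=$4
    if [ "$actual" = "$3" ]; then
        echo "OK   $2 = $actual"
    else
        echo "FAIL $2 = $actual (want $3)"
        audit_failed=1
    fi
}

# Returns 0 when every directive has the hardened value, 1 otherwise.
audit_sshd_config() {
    audit_failed=0
    check "$1" PasswordAuthentication no yes
    check "$1" ChallengeResponseAuthentication no yes
    check "$1" PubkeyAuthentication yes yes
    check "$1" PermitRootLogin no yes
    return "$audit_failed"
}

# Constructed samples: a stock-looking config and a key-only config.
weak=$(mktemp) && strong=$(mktemp)
trap 'rm -f "$weak" "$strong"' EXIT
cat > "$weak" <<'EOF'
# constructed sample sshd_config, passwords still accepted
Port 22
#PasswordAuthentication no
PermitRootLogin yes
EOF
cat > "$strong" <<'EOF'
# constructed sample sshd_config, public keys only
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
EOF

echo "--- $weak (weak sample)"
audit_sshd_config "$weak" || echo "password logins are still possible"
echo "--- $strong (hardened sample)"
audit_sshd_config "$strong" && echo "key-only login in place"
```

Run it against your own file with `audit_sshd_config /etc/ssh/sshd_config`; the commented-out `#PasswordAuthentication no` line in the weak sample is the classic mistake the audit catches, since a commented directive leaves the default in force.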