Re: Strengthen OpenSSH security?

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Strengthen OpenSSH security?
From: MaddHatter <maddhatt+bugtraq@xxxxxxxxxxx>
Date: Wed, 19 Apr 2006 21:33:38 -0700
In-reply-to: <7.0.1.0.2.20060417223005.098d8eb0@xxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <7.0.1.0.2.20060417223005.098d8eb0@xxxxxxxxxx>
User-agent: Mutt/1.4.1i

Brett Glass <brett@xxxxxxxxxx> said (on 2006/04/17):
> To: bugtraq@xxxxxxxxxxxxxxxxx
> From: Brett Glass <brett@xxxxxxxxxx>
> Subject: Strengthen OpenSSH security?
>
> ...
> It seems to me that sshd should not tip its hand by returning
> different responses ...

I agree. I also wish OpenSSH would implement the same security measures
already available in other SSH servers and authentication products --
a dynamic black list. The idea is simple, but effective: connections
from IP addresses that have failed to authenticate X times in the last
Y minutes are refused for Z minutes. For adequate values of Y and Z,
brute force attacks quickly lose feasibility.

References:
- Strengthen OpenSSH security?
  - From: Brett Glass

Prev by Date: Re: Re[3]: Bypassing ISA Server 2004 with IPv6
Next by Date: Re: Strengthen OpenSSH security?
Previous by thread: Re: Strengthen OpenSSH security?
Next by thread: Re: Strengthen OpenSSH security?
Index(es):
- Date
- Thread