<<< Date Index >>>     <<< Thread Index >>>

Re: Strengthen OpenSSH security?



Brett Glass <brett@xxxxxxxxxx> said (on 2006/04/17):
> To: bugtraq@xxxxxxxxxxxxxxxxx
> From: Brett Glass <brett@xxxxxxxxxx>
> Subject: Strengthen OpenSSH security?
>
> ...
> It seems to me that sshd should not tip its hand by returning
> different responses ...

I agree. I also wish OpenSSH would implement the same security measures
already available in other SSH servers and authentication products --
a dynamic black list. The idea is simple, but effective: connections
from IP addresses that have failed to authenticate X times in the last
Y minutes are refused for Z minutes. For adequate values of Y and Z,
brute force attacks quickly lose feasibility.