Date: Tue, 19 Sep 2006 14:22:41 -0700 (PDT)
From: backyard
Reply-To: backyard1454-bsd@yahoo.com
To: "Dan Mahoney, System Admin", questions@freebsd.org
Subject: Re: sshd brute force attempts?
Message-ID: <20060919212242.97964.qmail@web83102.mail.mud.yahoo.com>
In-Reply-To: <20060919165400.A4380@prime.gushi.org>

--- "Dan Mahoney, System Admin" wrote:

> Hey all,
>
> I've looked around and found several Linux-centric things designed to
> block brute-force SSH attempts. Anyone out there know of something a bit
> more BSD savvy?
>
> My best attempt will be to get this:
>
> http://www.csc.liv.ac.uk/~greg/sshdfilter/index_15.html
>
> running and adapt it.
>
> I've found a few things based on OpenBSD's pf, but that doesn't seem to be
> the default in BSD either.
>
> Any response appreciated.
>
> -Dan
>
> --
>
> "Is Gushi a person or an entity?"
> "Yes"
>
> -Bad Karma, August 25th 2001, Ezzi Computers,
> Quoting himself earlier, referring to Gushi
>
> --------Dan Mahoney--------
> Techie, Sysadmin, WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144 AIM: LarpGM
> Site: http://www.gushi.org
> ---------------------------
>

Well, you could pretty much eliminate the problem by disabling password logins to sshd and only accepting keyed logins. Then only a key will work. Frequently changing the keys would ensure hackers would have to want to get in REALLY bad in order to gain unauthorized access by a brute force attempt. Depending on how hosts log in and their systems, you could perhaps run a login script that regenerates keys automatically and distributes them to the user every so many days or whatever, so the system appears passwordless to them, and secure to the outside. This may be more trouble than you are looking for, though. In reality, using passwords with SSH kinda defeats the purpose of SSH.

-brian
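The keys-only setup suggested in the reply above is easy to get half right: turning off PasswordAuthentication alone still leaves keyboard-interactive logins, which can prompt for the account password through PAM. The script below is an added example, not part of the original message and not FreeBSD or OpenSSH code; the function names and sample configs are constructed here, and it assumes upstream OpenSSH defaults for keywords that are absent.

```shell
#!/bin/sh
# Added example: does this sshd_config really leave key logins only?
# Assumptions: absent keywords default to "yes" (upstream OpenSSH); only the
# global section is read (parsing stops at the first Match block).

# effective_value FILE DEFAULT KEYWORD [ALIAS]
# sshd uses the FIRST value it obtains for a keyword and keywords are
# case-insensitive, so a later "yes" does not undo an earlier "no".
effective_value() {
    awk -v def="$2" -v k1="$3" -v k2="${4:-$3}" '
        BEGIN { k1 = tolower(k1); k2 = tolower(k2) }
        { sub(/#.*/, ""); kw = tolower($1) }     # drop comments
        kw == "match" { exit }
        (kw == k1 || kw == k2) && NF >= 2 { val = tolower($2); exit }
        END { print (val != "" ? val : def) }
    ' "$1"
}

# audit_sshd FILE -> prints password-possible | no-pubkey | keys-only
audit_sshd() {
    pw=$(effective_value "$1" yes PasswordAuthentication)
    # Older configs call this keyword ChallengeResponseAuthentication.
    kbd=$(effective_value "$1" yes KbdInteractiveAuthentication \
        ChallengeResponseAuthentication)
    key=$(effective_value "$1" yes PubkeyAuthentication)
    if [ "$pw" != no ] || [ "$kbd" != no ]; then
        echo password-possible
    elif [ "$key" != yes ]; then
        echo no-pubkey          # nothing left to log in with
    else
        echo keys-only
    fi
}

# Constructed sample configs (not taken from any real host).
write_samples() {
    printf '%s\n' '# looks hardened, but PAM can still prompt' \
        'PasswordAuthentication no' 'UsePAM yes' > "$1/partial.conf"
    printf '%s\n' 'passwordauthentication no   # case-insensitive' \
        'ChallengeResponseAuthentication no' \
        'PasswordAuthentication yes  # ignored: first value wins' \
        > "$1/keys.conf"
}

d=$(mktemp -d) && write_samples "$d"
for f in partial keys; do
    printf '%s: %s\n' "$f.conf" "$(audit_sshd "$d/$f.conf")"
done
rm -rf "$d"
```

Conditional Match blocks can re-enable passwords for particular users or addresses, so a keys-only result from this script covers the global section only.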