Message-ID: <5BF5E75C429145B39DCBF8DC4F7B10CC@hermes>
From: "Matt Emmerton"
To: "James Harrison"
Cc: questions@freebsd.org
Date: Mon, 9 Aug 2010 23:36:57 -0400
Subject: Re: ssh under attack - sessions in accepted state hogging CPU

> > I know there's not much I can do about the brute force attacks, but will
> > upgrading openssh avoid these stuck connections?
>
> 1. switch over to using solely RSA keys

In the works; I have too many users to convert :(

> 2. switch to a non-standard port

This is not attractive, even though it would be effective. I tried this once
already and my support volume skyrocketed so I had to switch back.

> 3. what version of openssh are you currently using?

Whatever ships with 8.0-REL, which appears to be:

OpenSSL> version
OpenSSL 0.9.8k 25 Mar 2009

Regards,
--
Matt