From owner-freebsd-questions@FreeBSD.ORG  Tue Aug 10 03:36:56 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E922B1065677
	for <questions@freebsd.org>; Tue, 10 Aug 2010 03:36:56 +0000 (UTC)
	(envelope-from matt@gsicomp.on.ca)
Received: from gsicomp.on.ca (gsicomp.on.ca [200.46.208.251])
	by mx1.freebsd.org (Postfix) with ESMTP id B408F8FC2A
	for <questions@freebsd.org>; Tue, 10 Aug 2010 03:36:56 +0000 (UTC)
Received: from maia.hub.org (maia-2.hub.org [200.46.204.251])
	by gsicomp.on.ca (Postfix) with ESMTP id 1CB9EFD0529;
	Tue, 10 Aug 2010 03:36:56 +0000 (UTC)
Received: from gsicomp.on.ca ([200.46.208.251])
	by maia.hub.org (mx1.hub.org [200.46.204.251]) (amavisd-maia,
	port 10024)
	with ESMTP id 50733-04; Tue, 10 Aug 2010 03:36:55 +0000 (UTC)
Received: from hermes (CPE002129cfd480-CM001ac3584898.cpe.net.cable.rogers.com
	[99.236.129.198])
	by gsicomp.on.ca (Postfix) with SMTP id 838D6FCD102;
	Tue, 10 Aug 2010 03:36:55 +0000 (UTC)
Message-ID: <5BF5E75C429145B39DCBF8DC4F7B10CC@hermes>
From: "Matt Emmerton" <matt@gsicomp.on.ca>
To: "James Harrison" <oscartheduck@gmail.com>
References: <ED433058084C4B0FAE9C516075BF0440@hermes>
	<EDE343D4-0B69-4425-B987-302EF5A7FED0@gmail.com>
Date: Mon, 9 Aug 2010 23:36:57 -0400
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5931
Cc: questions@freebsd.org
Subject: Re: ssh under attack - sessions in accepted state hogging CPU
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Aug 2010 03:36:57 -0000

> > I know there's not much I can do about the brute force attacks, but will
> > upgrading openssh avoid these stuck connections?
>
> 1. switch over to using solely RSA keys

In the works; I have too many users to convert :(

> 2. switch to a non-standard port

This is not attractive, even though it would be effective.  I tried this 
once already and my support volume skyrocketed so I had to switch back.

> 3. what version of openssh are you currently using?

Whatever ships with 8.0-REL, which appears to be:

OpenSSL> version
OpenSSL 0.9.8k 25 Mar 2009

Regards,
--
Matt