From owner-freebsd-questions@FreeBSD.ORG  Tue Aug 10 04:02:21 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 74E241065673
	for <questions@freebsd.org>; Tue, 10 Aug 2010 04:02:21 +0000 (UTC)
	(envelope-from oscartheduck@gmail.com)
Received: from mail-pv0-f182.google.com (mail-pv0-f182.google.com
	[74.125.83.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 4456B8FC12
	for <questions@freebsd.org>; Tue, 10 Aug 2010 04:02:21 +0000 (UTC)
Received: by pvg4 with SMTP id 4so1140444pvg.13
	for <questions@freebsd.org>; Mon, 09 Aug 2010 21:02:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:subject:mime-version
	:content-type:from:x-priority:in-reply-to:date:cc
	:content-transfer-encoding:message-id:references:to:x-mailer;
	bh=WzV+oTgus0bUFUmhzdy675Z6td4wlJNAPQ2vUTWhXjA=;
	b=ONHIkkTd0qee5aNv3QGWGFlBeANDtVt1jMoqYshYpZeogz0ynNY2OfGClxK1SbVKGV
	AwGIRm0IqI3OqkOLz0nuz1tD4jo16qR/QeSRpd+U5RXiLxYsvmbDMVfTH9yNLFa2PXEy
	W+wKQPpR4xrXKbWwRfi1QnuonW8YC+ZBfUxSg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=subject:mime-version:content-type:from:x-priority:in-reply-to:date
	:cc:content-transfer-encoding:message-id:references:to:x-mailer;
	b=GlpuTOMEPJghQEFNcuBGI4y8G3tiEyNgLciCsSA2WaXcuSy/27+RDbYiZQifxALuSw
	3hHWpne9QU5iEf+DKd2dSCfTlk2GBBU/nAx8wO669Y6CR7OaW7DMeih89Dan0BSfS/va
	+q2F9MOVoweSh8HTKWjTPz6jlzicwxYLBELkA=
Received: by 10.142.147.20 with SMTP id u20mr14489539wfd.49.1281411187101;
	Mon, 09 Aug 2010 20:33:07 -0700 (PDT)
Received: from [192.168.1.2] (c-24-8-211-143.hsd1.co.comcast.net
	[24.8.211.143])
	by mx.google.com with ESMTPS id w8sm7249168wfd.7.2010.08.09.20.33.05
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Mon, 09 Aug 2010 20:33:05 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset=us-ascii
From: James Harrison <oscartheduck@gmail.com>
X-Priority: 3
In-Reply-To: <ED433058084C4B0FAE9C516075BF0440@hermes>
Date: Mon, 9 Aug 2010 21:33:03 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <EDE343D4-0B69-4425-B987-302EF5A7FED0@gmail.com>
References: <ED433058084C4B0FAE9C516075BF0440@hermes>
To: "Matt Emmerton" <matt@gsicomp.on.ca>
X-Mailer: Apple Mail (2.1081)
Cc: questions@freebsd.org
Subject: Re: ssh under attack - sessions in accepted state hogging CPU
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Aug 2010 04:02:21 -0000

Hi Matt,
>=20
> I know there's not much I can do about the brute force attacks, but =
will upgrading openssh avoid these stuck connections?


1. switch over to using solely RSA keys
2. switch to a non-standard port
3. what version of openssh are you currently using?

Best

James=