Repeated attacks via SSH

Brett Glass brett at lariat.org
Sun Oct 2 15:32:49 PDT 2005


At 04:12 PM 10/2/2005, Daniel Gerzo wrote:

>very nice is to use AllowUsers in form of user@host.

If you can get away with it, absolutely. Same with the RSA keys.
Of course, the problem is that if you need to get access in an
emergency from who-knows-where, you're pretty much stuck with
passwords unless you have a token system or a one time password
system (e.g. S/Key). (Which reminds me: Anyone have a good S/Key
implementation for the Palm Pilot?)

>> We also have a log monitor
>> that watches the logs (/var/log/auth.log in particular) and 
>> blackholes hosts that seem to be trying to break in via SSH.
>
>I wrote a similar script. It's also in ports under
>security/bruteforceblocker

The system we're using is the general purpose log monitor I
described at BSDCon in San Francisco. It's written in SNOBOL4
and has nice features like amnesty and rate limiting.

--Brett
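
An added example (not code from this thread, and neither the SNOBOL4 monitor nor security/bruteforceblocker): the auth.log watching described above, written in Python. The thresholds, the reading of "rate limiting" as failures per time window and of "amnesty" as block expiry, the function names and the sample lines are all assumptions; the block decision is returned rather than applied to a firewall.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD, WINDOW, AMNESTY = 3, 60, 600  # assumed: 3 failures in 60 s -> 10 min block
# Anchored at the end of the line so that a crafted username containing
# " from <address>" cannot choose which host gets blocked.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")
# Constructed sample lines (documentation addresses), not real log data.
SAMPLE = """\
Oct  2 15:30:01 gw sshd[4101]: Failed password for root from 192.0.2.10 port 4242 ssh2
Oct  2 15:30:05 gw sshd[4102]: Failed password for invalid user admin from 192.0.2.10 port 4243 ssh2
Oct  2 15:30:09 gw sshd[4103]: Failed password for invalid user test from 192.0.2.10 port 4244 ssh2
Oct  2 15:30:20 gw sshd[4104]: Accepted password for alice from 198.51.100.7 port 5000 ssh2
Oct  2 15:45:00 gw sshd[4105]: Failed password for bob from 198.51.100.7 port 5002 ssh2
"""

def parse(line, year=2005):
    """Return (seconds since 1 Jan, source address) for a failed login, else None."""
    m = FAIL_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return (ts - datetime(year, 1, 1)).total_seconds(), m.group(2)

def monitor(lines):
    """Return (events, still_blocked); events are (time, action, address)."""
    # recent: address -> failure times inside WINDOW; blocked: address -> expiry
    recent, blocked, events = defaultdict(deque), {}, []
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        now, ip = hit
        for addr, until in list(blocked.items()):  # amnesty: expire old blocks
            if until <= now:
                del blocked[addr]
                events.append((until, "unblock", addr))
        if ip in blocked:
            continue
        q = recent[ip]
        q.append(now)
        while q[0] <= now - WINDOW:  # drop failures older than the window
            q.popleft()
        if len(q) >= THRESHOLD:
            blocked[ip] = now + AMNESTY
            events.append((now, "block", ip))
    return events, blocked
```

Here expired blocks are lifted only when the next failure line arrives; a long-running monitor would do that on a timer.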
