[ILUG] SSH dictionary attacks.
Ewan Oughton
ewan at skynet.ie
Wed Aug 23 12:20:12 IST 2006
ssh keys can be setup that you need a password in order to use the key:
[ewan at fiend ~]$ ssh ewan at beast.scrapping.cc
Warning: Permanently added the RSA host key for IP address
'194.125.79.120' to the list of known hosts.
***************The Beast***************
* *
* Password-based logins disabled. *
* *
***************************************
Enter passphrase for key '/home/ewan/.ssh/id_dsa':
Last login: Tue Aug 22 15:07:40 2006 from blueice2n1.uk.ibm.com
ewan at beast:~$
ssh-keygen (IME) asks for a passphrase by default when generating a key.
My ssh-foo is relatively weak, so forgive me if this is not what you're
looking for.
Ewan
Ewan Oughton B.Sc. Comp Sys
DB / AnonFTP / Orac Root Admin SkyNet
On Wed, 23 Aug 2006, Aine Douglas wrote:
> Hi Guys,
>
> I'm getting sick of seeing log entries for SSH dictionary attacks, the
> latest coming in the middle of me watching a live log while trying to
> solve a problem.
>
> I'd like to switch off password access and only allow private key
> access, but personally I have a problem with storing raw private keys
> on memory sticks, or machine hardrives, I feel its lower security than
> a memorised password.
>
> Does anyone know if there is a SSH client which can work with
> something like a PKCS12 private keystore where a password is needed to
> unlock the private key thus allowing the private key to be stored on
> insecure devices such as client pc's and memory sticks?
>
> I know there's PKCS11 for smartcard readers and the like, but thats a
> little extravagant for my needs.
>
> Aine.
> --
> Irish Linux Users' Group mailing list
> About this list : http://mail.linux.ie/mailman/listinfo/ilug
> Who we are : http://www.linux.ie/
> Where we are : http://www.linux.ie/map/
>
More information about the ILUG
mailing list