[ILUG] SSH dictionary attacks.

Aine Douglas aine.douglas at gmail.com
Wed Aug 23 12:55:17 IST 2006 

On 8/23/06, Ewan Oughton <ewan at skynet.ie> wrote:
> ssh keys can be setup that you need a password in order to use the key:

Got a couple of offlist hits to that effect too... will check it out
to see what it actually does. I'm rather wary of just "passwords",
maybe it comes from what I know in the windows world, dummy passwords
protecting unprotected secrets. Nothing worse than snake oil.

I'm really interested in trying out Colm's portknocking idea... that
has huge possibilities.

Thanks all,

Aine.

> [ewan at fiend ~]$ ssh ewan at beast.scrapping.cc
> Warning: Permanently added the RSA host key for IP address
> '194.125.79.120' to the list of known hosts.
> ***************The Beast***************
> *                                     *
> *   Password-based logins disabled.   *
> *                                     *
> ***************************************
>
> Enter passphrase for key '/home/ewan/.ssh/id_dsa':
> Last login: Tue Aug 22 15:07:40 2006 from blueice2n1.uk.ibm.com
> ewan at beast:~$
>
>
> ssh-keygen (IME) asks for a passphrase by default when generating a key.
>
>
> My ssh-foo is relatively weak, so forgive me if this is not what you're
> looking for.
>
>
>
> Ewan
>
>
> Ewan Oughton B.Sc. Comp Sys
> DB / AnonFTP / Orac Root Admin SkyNet
>
>
> On Wed, 23 Aug 2006, Aine Douglas wrote:
>
> > Hi Guys,
> >
> > I'm getting sick of seeing log entries for SSH dictionary attacks, the
> > latest coming in the middle of me watching a live log while trying to
> > solve a problem.
> >
> > I'd like to switch off password access and only allow private key
> > access, but personally I have a problem with storing raw private keys
> > on memory sticks, or machine hardrives, I feel its lower security than
> > a memorised password.
> >
> > Does anyone know if there is a SSH client which can work with
> > something like a PKCS12 private keystore where a password is needed to
> > unlock the private key thus allowing the private key to be stored on
> > insecure devices such as client pc's and memory sticks?
> >
> > I know there's PKCS11 for smartcard readers and the like, but thats a
> > little extravagant for my needs.
> >
> > Aine.
> > --
> > Irish Linux Users' Group mailing list
> > About this list : http://mail.linux.ie/mailman/listinfo/ilug
> > Who we are : http://www.linux.ie/
> > Where we are : http://www.linux.ie/map/
> >
>

More information about the ILUG mailing list