Re: brute force ssh attempt mitigation
- From: Christer Edwards <christer edwards gmail com>
- To: jeffschroeder computer org
- Cc: gnome-infrastructure gnome org
- Subject: Re: brute force ssh attempt mitigation
- Date: Wed, 31 Mar 2010 08:33:33 -0600
On Wed, Mar 31, 2010 at 8:29 AM, Jeff Schroeder <jeffschroed gmail com> wrote:
> It certainly is annoying, but ssh is configured to not allow password
> authentication. All the bots are really doing is using up ssh
> connections. Another thought might be to use iptables to rate-limit the
> number of new connections to port 22 and just tarpit them. However,
> we'd have to be especially careful on git.gnome.org as that could
> really piss off rockstar contributors. Good attention to detail,
> however.
Wasn't there some talk about actually populating /etc/{passwd,shadow}
as an LDAP backup? Wouldn't that require opening ssh to passwd auth to
make it useful? Maybe I misunderstood the conversation, but if it is
the case then I think it makes this a requirement.
--
Christer Edwards