Re: brute force ssh attempt mitigation

On Wed, Mar 31, 2010 at 8:29 AM, Jeff Schroeder <jeffschroed gmail com> wrote:
> It certainly is annoying, but ssh is configured to not allow password
> authentication. All the bots are really doing is using up ssh
> connections. Another thought might be to use iptables to ratelimit the
> number of new connections to port 22 and just tarpit them. However
> we'd have to be especially careful on as that could
> really piss off rockstar contributors. Good attention to detail
> however.

Wasn't there some talk about actually populating /etc/{passwd,shadow}
as an ldap backup? Wouldn't that require opening ssh to passwd auth to
make it useful? ..maybe I misunderstood the conversation, but if it is
the case then I think it makes this a requirement.

Christer Edwards

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]