LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Distributed brute force ssh attacks

Distributed brute force ssh attacks

Posted Oct 23, 2009 15:34 UTC (Fri) by nix (subscriber, #2304)
In reply to: Distributed brute force ssh attacks by DG
Parent article: Distributed brute force ssh attacks

I've got to the point where SSH is blocked for everyone by default, and to access it users have to authenticate via a web application.
This seems terribly inconvenient compared to cryptographic authentication, and no more secure.

(Log in to post comments)

Distributed brute force ssh attacks

Posted Oct 23, 2009 18:27 UTC (Fri) by bronson (subscriber, #4806) [Link]

But cryptographic authentication is terribly inconvenient! I had to do key management for a mere 5 person dev team in the past -- it got tedious fast.

At least DG's solution pushes the work to the leaves, potentially reducing the work for the ssh admins.

Distributed brute force ssh attacks

Posted Oct 23, 2009 22:24 UTC (Fri) by dododge (subscriber, #2870) [Link]

One way I've seen this done in a corporate environment is to have a web page that uses token-based authentication such as SecurID to identify you. If you pass that, it immediately updates the firewall to allow your IP to access the other servers such as mail, ssh, etc. (which all normally require their own authentication as well). The firewall rule then auto-expires if your IP goes idle for too long.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds