LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Distributed brute force ssh attacks

Distributed brute force ssh attacks

Posted Oct 25, 2009 11:21 UTC (Sun) by oak (subscriber, #2786)
In reply to: Distributed brute force ssh attacks by DG
Parent article: Distributed brute force ssh attacks

You could provide users a script that does the port-knocking or "firewall
login" for them + a desktop icon for the script.

And then use a modified denyhosts to monitor failed ssh login attempts
from the IP addresses for which the firewall opened a port. Denyhosts
could then e.g. mail the IT admin when too many failed attempts are
noticed. They can then verify (e.g. by phone) that it's the user itself
failing to login (too many times) and not user or user's machine or home
network being compromised...

(Log in to post comments)

Distributed brute force ssh attacks

Posted Oct 25, 2009 14:41 UTC (Sun) by DG (subscriber, #16978) [Link]

Yes - this could work - however it requires distribution of software; my/our approach doesn't....

Each to their own; I'm sure many solutions are better than one :)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds