Spike in SSH attacks
Benjamin Scott
dragonhawk at gmail.com
Mon Jun 21 09:28:42 EDT 2010
http://isc.sans.edu/diary.html?storyid=9031
http://isc.sans.edu/diary.html?storyid=9034
Apparently attackers are going after "keyboard interactive"
authentication, which is separate from "password authentication". If
you are using SSH public/private keys only, make sure you have
"ChallengeResponseAuthentication no" set in your /etc/ssh/sshd_config
file. If you must use passwords, make sure everyone has a strong
password, and consider using techniques like scan detection,
IP-address access control, port knocking, non-standard port, etc.
-- Ben
More information about the gnhlug-discuss
mailing list