Mailinglist Archive: opensuse-bugs (8045 mails)

[Bug 230160] New: New security feature to block SSH attacks
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Thu, 21 Dec 2006 01:07:25 -0700 (MST)
  • Message-id: <bug-230160-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>
https://bugzilla.novell.com/show_bug.cgi?id=230160

Summary: New security feature to block SSH attacks
Product: openSUSE 10.3
Version: unspecified
Platform: All
OS/Version: SuSE Other
Status: NEW
Severity: Enhancement
Priority: P5 - None
Component: Security
AssignedTo: security-team@xxxxxxx
ReportedBy: atte.nieminen@xxxxxxxxxxxxxx
QAContact: qa@xxxxxxx


Suse has been implementing new stuff all the time, but one crucial feature has
been missing from the great distribution.

It's the easy SSH configuration tool. This request also includes a feature to
block brute-force attacks. The number of brute-force SSH attempts can sometimes
climb up to 300 per day. There are unofficial scripts and programs to solve
things, but no supported and official Suse tools.

Not only should there be an easy way to disable root-login and other options, but
the security features should be updated ASAP.

SSH attacks are nowadays a huge problem. If users use strong passwords and the
system is configured the right way, no hacker can access the system. But still
they are trying to get in by knocking on the ssh port. If one opens the SSH port from
the firewall one will sooner or later discover that bots try to access the
system by using dictionary attacks.

Here are examples from the logs (less var/log/messages | grep sshd )

Aug 30 15:39:19 linux sshd[10923]: Invalid user staff from a.b.c.d
Aug 30 15:39:22 linux sshd[10925]: Invalid user sales from a.b.c.d
Aug 30 15:39:25 linux sshd[10927]: Invalid user recruit from a.b.c.d
Aug 30 15:39:28 linux sshd[10929]: Invalid user alias from a.b.c.d
Dec 21 05:29:18 linux sshd[28969]: reverse mapping checking getaddrinfo for whatever.com failed - POSSIBLE BREAKIN ATTEMPT!

To solve the problem (which most users don't even know of) a third-party
unofficial unsupported block tool like blockhosts (
http://www.aczoom.com/cms/blockhosts/) needs to be installed.

So in order to continue to satisfy users' needs, there should be
a) an easy configuration tool for ssh
b) a new "module" in the firewall to automatically block hacking attempts
to get the situation fixed.


--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
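
Added example, not part of the original bug report and not blockhosts' own code: a sketch of the detection step such a firewall "module" would need, counting failed sshd logins per source address in a sliding time window over log lines in the format quoted in the report. The function name, threshold, window and sample addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted in the report; the addresses
# come from the RFC 5737 documentation ranges and are not real hosts.
SAMPLE_LOG = """\
Aug 30 15:39:19 linux sshd[10923]: Invalid user staff from 192.0.2.10
Aug 30 15:39:22 linux sshd[10925]: Invalid user sales from 192.0.2.10
Aug 30 15:39:25 linux sshd[10927]: Invalid user recruit from 192.0.2.10
Aug 30 15:39:28 linux sshd[10929]: Invalid user alias from 192.0.2.10
Aug 30 15:40:02 linux sshd[10950]: Accepted password for alice from 198.51.100.7 port 40112 ssh2
Aug 30 16:05:10 linux sshd[11001]: Invalid user test from 203.0.113.5
Aug 30 18:45:31 linux sshd[11200]: Invalid user test from 203.0.113.5
Aug 30 18:50:00 linux kernel: unrelated message from 192.0.2.10
"""

# Only lines written by sshd count, and only its failure messages.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?:Invalid user \S* from|Failed password for (?:invalid user )?\S+ from) "
    r"(?P<src>\S+)"
)

def find_offenders(log_text, threshold=4, window=timedelta(minutes=10), year=2006):
    """Return {source: peak count} for every source that reaches `threshold`
    failed attempts within `window`. Syslog timestamps carry no year, so the
    caller supplies one (hypothetical helper, assumed parameters)."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            offenders[m["src"]] = max(offenders.get(m["src"], 0), len(q))
    return offenders

if __name__ == "__main__":
    for src, count in find_offenders(SAMPLE_LOG).items():
        print(f"{src}: {count} failed attempts within the window")
```

The returned addresses are what a blocker would hand to the firewall or to /etc/hosts.deny; slow scanners such as the second source only show up when the window is widened.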
