https://bugzilla.novell.com/show_bug.cgi?id=230160

lkundrak@redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lkundrak@redhat.com

------- Comment #1 from lkundrak@redhat.com 2006-12-21 05:50 MST -------
(In reply to comment #0)
> It's the easy SSH configuration tool. This request also includes a feature to block brute-force attacks. Number of brute-force SSH attempts can sometimes climb up to 300 per day. There are unofficial scripts and programs to solve things, but no supported and official SUSE tools.

Actually SSH prevents break-ins with automated tools: it just doesn't allow the user to log in. In my humble opinion this is the only correct way to handle the situation. I'd even call blocking IP addresses with an excessive amount of unsuccessful logins a DoS, because blocking an address that is shared by hosts behind a NAT-ing router would also likely affect innocent hosts.
> SSH attacks are nowadays a huge problem. If users use strong passwords and the system is configured the right way, no hacker can access the system. But still they are trying to get in by knocking on the SSH port. If one opens the SSH port from the firewall one will sooner or later discover that bots try to access the system by using dictionary attacks.

I do not see the real problem here. Weak passwords are always a problem and cannot be solved with any software feature.
> To solve the problem (which most users don't even know of) a third-party, unofficial, unsupported block tool like blockhosts (http://www.aczoom.com/cms/blockhosts/) needs to be installed.

Some people prefer to use http://denyhosts.sourceforge.net/
> So in order to continue to satisfy users' needs, there should be a) an easy configuration tool for ssh b) a new "module" in the firewall to automatically block hacking attempts to get the situation fixed.

I agree the GUI configuration tool might be really nice. But I see no point in filtering unsuccessful login attempts.