https://bugzilla.novell.com/show_bug.cgi?id=230160 Summary: New security feature to block SSH attacks Product: openSUSE 10.3 Version: unspecified Platform: All OS/Version: SuSE Other Status: NEW Severity: Enhancement Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: atte.nieminen@cs.helsinki.fi QAContact: qa@suse.de Suse has been implementing new stuff all the time, but one crucial feature has been missing from the great distridution. Its the easy SSH configuration tool. This request also includes a feature to block bruteforce attacks. Number of brute-force SSH attempts can sometimes climb up to 300 per day. There are unofficial scripts and programs to solve things, but no supported and official suse tools. Not only should there be easy way to disable root-login and other options, but the security features should be updated ASAP. SSH attacks are nowadays a huge problem. If users use strong passwords and the system is configured the right way, no hacker can access the system. But still they are trying in by knocking on the ssh port. If one opens the SSH port from the firewall one will sooner or later discover that bots try to access the system by using dictionary attacks. Here are examples from the logs (less var/log/messages | grep sshd ) Aug 30 15:39:19 linux sshd[10923]: Invalid user staff from a.b.c.d Aug 30 15:39:22 linux sshd[10925]: Invalid user sales from a.b.c.d Aug 30 15:39:25 linux sshd[10927]: Invalid user recruit from a.b.c.d Aug 30 15:39:28 linux sshd[10929]: Invalid user alias from a.b.c.d Dec 21 05:29:18 linux sshd[28969]: reverse mapping checking getaddrinfo for whatever.com failed - POSSIBLE BREAKIN ATTEMPT! To solve the problem (which most users even dont know of) a thirdparty unofficial unsupported blocktool like blockhosts ( http://www.aczoom.com/cms/blockhosts/) needs to installed. So in order to continue to satisfy users needs, there should a a) easy configuration tool for ssh b) new "module" in firewall to block automatically hacking attemps to get the situation fixed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.