https://bugzilla.novell.com/show_bug.cgi?id=230160 lkundrak@redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lkundrak@redhat.com ------- Comment #1 from lkundrak@redhat.com 2006-12-21 05:50 MST ------- (In reply to comment #0)

Its the easy SSH configuration tool. This request also includes a feature to block bruteforce attacks. Number of brute-force SSH attempts can sometimes climb up to 300 per day. There are unofficial scripts and programs to solve things, but no supported and official suse tools.

Actually SSH prevents breakin with automated tools: it just doesn't allow user to login. In my humble opinion this is the only correct way to handle the situation. I'd even call blocking IP adresses with excessive amount of unsuccessful logins a DoS, because blocking an address that is shared by hosts behind a NAT-ing router would also likely affect innocent hosts.

SSH attacks are nowadays a huge problem. If users use strong passwords and the system is configured the right way, no hacker can access the system. But still they are trying in by knocking on the ssh port. If one opens the SSH port from the firewall one will sooner or later discover that bots try to access the system by using dictionary attacks.

I do not see the real problem here. Weak passwords are allways a problem and can not be solved with any software feature.

To solve the problem (which most users even dont know of) a thirdparty unofficial unsupported blocktool like blockhosts ( http://www.aczoom.com/cms/blockhosts/) needs to installed.

Some people prefer to use http://denyhosts.sourceforge.net/

So in order to continue to satisfy users needs, there should a a) easy configuration tool for ssh b) new "module" in firewall to block automatically hacking attemps to get the situation fixed.

I agree the GUI configuration tool might be really nice. But I see no point in filtering unsuccessful login attempts. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=230160 ------- Comment #3 from suse-beta@cboltz.de 2007-03-25 15:57 MST ------- FYI: Since 10.2, SuSEfirewall2 can help with this by using ipt_recent. Just use something like FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=5,blockseconds=300,recentname=ssh" Advantage: it uses iptables, so you don't need another daemon. Disadvantage: ipt_recent does not differ bitween successful and failed logins - so it might be DoS-like also. BTW: I have also noted some attackers trying FTP logins... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.