Monday, August 23, 2004

Brute forcing SSH

K-Otik has posted the source code for a brute force attack tool for SSH. It's quite a simple tool, the author having built the dictionary into the code rather than relying on external dictionary files. I get the impression that it will still be effective against those systems with poor configurations and weak passwords (there are more of them than you think).

Countermeasures:

  • edit the SSH config to limit who can log in via SSH (hint: root should not be one of these)
  • configure your IP filters (routers, IPFW, IPTables, etc.) so that only certain IPs can connect with SSH
  • consider using SKey, user-level keys, Kerberos or some other type of authentication

The idea is to turn off the default username/password authentication.
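As an added example (not from the original post or the tool it describes), the following POSIX sh script audits an sshd_config for the three settings the countermeasures above touch: root login, an explicit allow list, and password authentication. The two config samples are constructed for the example, and treating an unset keyword as weak is an assumption, since the compiled-in defaults have varied across OpenSSH versions.

```shell
#!/bin/sh
# Added example, not part of the original post: audit an sshd_config for the
# countermeasures listed above. POSIX sh + awk only; no real host is touched.

# Constructed sample: the weak, mostly-default configuration the post warns about.
WEAK_CONFIG='Port 22
PermitRootLogin yes
PasswordAuthentication yes
#AllowUsers alice'

# Constructed sample: the same file after the countermeasures are applied.
HARDENED_CONFIG='Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers alice bob'

# sshd_value CONFIG KEYWORD: print the first non-comment value for KEYWORD
# (sshd honours the first occurrence; keywords are case-insensitive).
sshd_value() {
    printf '%s\n' "$1" | awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF < 2 { next }
        tolower($1) == key { print $2; exit }'
}

# audit_sshd_config CONFIG: print one line per weak setting; the exit status
# is the number of findings, so 0 means every countermeasure is in place.
audit_sshd_config() {
    findings=0
    root=$(sshd_value "$1" PermitRootLogin)
    pass=$(sshd_value "$1" PasswordAuthentication)
    allow_users=$(sshd_value "$1" AllowUsers)
    allow_groups=$(sshd_value "$1" AllowGroups)
    # Assumption: unset counts as weak, because the compiled-in default has
    # varied across OpenSSH versions; only an explicit "no" is accepted here.
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin is '${root:-unset}', should be 'no'"
        findings=$((findings + 1))
    fi
    if [ "$pass" != "no" ]; then
        echo "PasswordAuthentication is '${pass:-unset}', should be 'no' (use keys, SKey or Kerberos)"
        findings=$((findings + 1))
    fi
    if [ -z "$allow_users" ] && [ -z "$allow_groups" ]; then
        echo "no AllowUsers/AllowGroups line: every account may attempt an SSH login"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Usage: audit the constructed samples (on a live host, read /etc/ssh/sshd_config instead).
rc=0; audit_sshd_config "$WEAK_CONFIG" || rc=$?; echo "weak config: $rc finding(s)"
rc=0; audit_sshd_config "$HARDENED_CONFIG" || rc=$?; echo "hardened config: $rc finding(s)"
```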
