[Dshield] SSH Bots

Gutza gutza at moongate.ro
Wed Mar 8 11:33:06 GMT 2006

Frank Knobbe wrote:

>Dude, you're still using passwords? Get rid of those and use keys! It's
>a bit harder to brute force a 2048 bit key :)

Note: I'm not the original poster.

Yeah, but it's a LOT harder to remember a 2048 bit key. So you tend to
keep it on a computer. And when that gets penetrated for an unrelated
reason, you end up with ALL of your accounts compromised on all
computers. No, thanks.

My solution was to maintain a whitelist. Of course, the issue here is
maintaining it in a reasonable manner. What I did was to write a simple
script which binds to a random (but stable) port -- you telnet the host
on that port, and if you give the proper command, it adds your IP to
hosts.allow on SSH. Whenever I or someone else in the team is away, they
allow their temporary IP address and log in -- no extra risks involved
and no real hassle.

I know, I know, obscurity -- but it slashed my SSH probing to nil.
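
A sketch of the kind of allowlist helper described in the message above, as an added example that is not part of the original post and not the poster's script. The `allow <token>` command, the token value, the port number and the IPv4-only handling are assumptions, and it presumes an sshd that honours TCP wrappers (`hosts.allow`).

```python
import hmac
import ipaddress
import socketserver

# Assumed values for illustration; none of these come from the post.
TOKEN = b"constructed-example-token"
PORT = 42391                      # the "random but stable" port
HOSTS_ALLOW = "/etc/hosts.allow"

def allow_line(ip: str) -> str:
    """Build the TCP-wrappers rule for one IPv4 client; ValueError on anything else."""
    addr = ipaddress.IPv4Address(ip)   # rejects newlines, wildcards, hostnames
    return f"sshd: {addr}\n"

def handle_command(line: bytes, peer_ip: str, token: bytes = TOKEN,
                   path: str = HOSTS_ALLOW) -> bool:
    """Allow peer_ip if line is 'allow <token>'; return True when the IP is allowed."""
    parts = line.strip().split(b" ", 1)
    if len(parts) != 2 or parts[0] != b"allow":
        return False
    # Constant-time comparison so response timing does not leak the token.
    if not hmac.compare_digest(parts[1], token):
        return False
    rule = allow_line(peer_ip)
    with open(path, "a+") as fh:       # "a+" creates the file and appends on write
        fh.seek(0)
        if rule not in fh.readlines(): # avoid duplicate entries on repeat requests
            fh.write(rule)
    return True

class AllowHandler(socketserver.StreamRequestHandler):
    timeout = 5                        # drop connections that send nothing

    def handle(self):
        line = self.rfile.readline(256)          # bounded read
        # The address comes from the TCP connection, never from client input,
        # so a caller can only allow the IP it is actually connecting from.
        if handle_command(line, self.client_address[0]):
            self.wfile.write(b"ok\n")            # no feedback at all on failure

if __name__ == "__main__":
    with socketserver.TCPServer(("0.0.0.0", PORT), AllowHandler) as srv:
        srv.serve_forever()
```

The command crosses the network in cleartext, as it would over telnet, so anyone who can observe the traffic can replay it; entries are also never expired here, so stale temporary addresses stay allowed until removed by hand.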

