Re: [Sshguard-users] protecting a server with password authentication disabled

[<li...@la...>]

While sshguard is in the state of permanent blocking, I'd be hesitant to block guesses at keys since they are a low probably‎ of succeeding. However sshguard should be blocking these attempts. 



  Original Message  
From: Henri Shustak
Sent: Monday, April 18, 2016 3:33 PM
To: ssh...@li...
Reply To: ssh...@li...
Subject: Re: [Sshguard-users] protecting a server with password	authentication disabled


>> If you use a key, is there any advantage to blocking the port 22
>> password guessers? That is, sshguard does protect other services. I'm
>> thinking an IP that attacks ssh is likely to attack other services.
>> The hacker/bot doesn't know passwords are not used for ssh.
> 
> If your sshd is configured to allow only key logins, password guessing
> attempts will show up as "preauth" disconnects. SSHGuard treats these
> messages like any other attack and blocks accordingly.

This was not the case at least when I attempted to repeatedly connect with incorrect keys over 15 times, the connection was still open. This is why I sent the initial message. It seems like it would be a good idea to block this kind of pre-auth disconnect.

I did find some instructions (in previous message). However, I was wondering why this was not part of the standard configuration or if there was a simple flag which needed to be set to enable blocking of these pre-auth attacks?

Thanks.



------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Sshguard-users mailing list
Ssh...@li...
https://lists.sourceforge.net/lists/listinfo/sshguard-users