[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e11813233f4bccaf4978ccec50333f3c.squirrel@fbi.dhs.org>
Date: Mon, 21 Jun 2010 22:06:03 -0400 (EDT)
From: bugs@....dhs.org
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: targetted SSH bruteforce attacks
If you guys are interested I have a list of login/password combos they use:
http://vapid.dhs.org/ssh-attack-passwd.txt
> On 6/17/2010 3:21 PM, Paul Schmehl wrote:
>> --On Thursday, June 17, 2010 11:04:52 -0700 Xin LI <delphij@...il.com>
>> wrote:
>>>
>>> Of course it's wise to disable password authentication and just use
>>> public key authentication.
>>
>> Why? Ssh is encrypted, so you're not exposing a password when you
>> login. How
>> does public key authentication make you more secure (in a practical
>> sense)?
>
> In the case of SSH password auth you are handing the plaintext password
> directly to any server you log in to. For many of us, this is basically
> any time we're expecting to contact that server for the first time from
> that client machine. For users who are willing to bypass a server key
> mismatch warning, they may be giving away their password every time.
>
> I know there's somebody out there who always verifies server
> fingerprints through an independent trusted channel before accepting
> them. I would like to meet this person.
>
> Often the same password is used on multiple systems (e.g.
> kerberos/active directory).
>
> However, if the client is configured to only use public key auth,
> accidentally connecting to a malicious server does not automatically
> give the bad guy your plaintext password.
>
> - Marsh
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists