Need urgent help regarding security

Josh Paetzel josh at
Fri Nov 18 10:46:28 PST 2005

On Friday 18 November 2005 01:20 am, ray at wrote:
> At 02:42 PM 11/18/2005 +1000, Timothy Smith wrote:
> | i have seen a similar attack recently doing a brute force ssh.
> | the number ONE weakness in most poorly run IT systems, is easy
> | passwords. it's amazingly easy to brute force these systems using
> | common names or variations of them.
> Speaking of SSH, if you have to provide SSH service via a public
> IP# (and you are unable to limit traffic to just specific
> management/workstation IP#'s), then it's always a good idea to
> confirm that root login is not enabled in /etc/ssh/sshd_config. 
> This make a brute force attack much more difficult, since a
> would-be attacker not only has to hit the correct password, but
> they also have to know a valid username on the system (as opposed
> to just using 'root') during an attack.
> Also, if you have access to the router, it's handy to re-write
> traffic from a higher public port down to port 22 on the server,
> since that will trip up anyone doing scans looking for a connect on
> port 22 across a large number of IP's.
> Anyway, just a couple of ideas I thought might be helpful while on
> the subject of SSH hardening :-)
> Ray

Use public/private keys WITH hardened pass-phrases.  If you aren't 
sure how secure your pass-phrases are run john the ripper on them. 
Allow only the bare minimum of remote networks to access ssh.  Make 
sure that only the users that need shells have them.  Make double 
sure that users for mail/pop do NOT have shells.  Often-times 
brute-force attacks will be directed at account names gleamed from 


Josh Paetzel

More information about the freebsd-security mailing list