Useless log message "POSSIBLE BREAK-IN ATTEMPT"

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Sat, 28 Dec 2013, Damien Miller wrote:

> On Fri, 27 Dec 2013, Dan Mahoney, System Admin wrote:
>
>> I think the point here is that there's no option for openSSH to then
>> *drop the connection* or refuse it. OpenSSH *checks*, but does not
>> *enforce* anything.
>
> That's not entriely true. from=... restrictions in authorized_keys and
> "Match host" sections in sshd_config depend on the hostname. In the
> reverse-mapping check failed case, they don't get to see the original
> (probably untrustworthy) hostname and are just passed the IP address.

Right, and that was my point -- if you have a bunch of "match host" 
blocks, what do you put *outside* those blocks to just deny all 
connections?  I don't see an option like "AllowUsers None" or "DenyUsers 
All" or "DenyUsers *", at least according to the manpage.

In theory you could disable all authentication methods, which will cause 
login to fail, but there's no easy way to do an apache-style "deny from 
all", which in theory should happen even without doing a handshake in this 
situation.

> Basically, the things that depend on the hostname will not be shown one
> that appears spoofed.

Okay, and will the things that depend on the hostname work at all if 
UseDNS is turned off?

-Dan

-- 

"A mother can be an inspiration to her little son, change his thoughts,
his mind, his life, just with her gentle hum."

-No Doubt, "Different People", from "Tragic Kingdom"


--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux