Re: public key authentication -- log invalid keys


 



On 05/02/2014 09:23 AM, Damien Miller wrote:
> On Fri, 2 May 2014, TheGezer wrote:
>
>> yeah i know, but with increasing bandwidth online, and more and more
>> folks using vps with just a public key a silent distributed attack could
>> go on for a couple of years without anything more than just lots of
>> mysterious connection attempts in the logs
> If you think that such an attack might only take "years" then you
> haven't done the math.

i hear you, i really do, but [1] there is more than one way [2] to skin
a cat, and it's a shame to have others' issues (in these two cases bad
random number generators) go unseen due to insufficient logs -- verbose
logging tends only to be turned on for troubleshooting reasons.

[1]http://taint.org/2008/05/16/165301a.html
[2]http://www.darkreading.com/vulnerabilities-and-threats/cryptographers-discover-public-key-infrastructure-flaw/d/d-id/1102851?

>
>> also consider internal breach attempts sitting inside the perimeter
>>
>> and consider that if most people lose their client public key through
>> theft or other they would typically just delete the authkey on the
>> server rather than put it in revoked keys so logging bad attempts would
>> catch these guys too
>>
>> personally, i'm going to patch my sources to have bad attempts logged at
>> a lower loglevel
> ... or you could make a one line config change.

yeah true.
over many systems i'm wondering which would be the easier to do, but
that's a separate issue

>
> -d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



