Re: Keyboard Interactive Attack?

On 22/07/15 21:41, Scott Neugroschl wrote:
I read an article today about keyboard interactive auth allowing bruteforcing.

I'm afraid I have minimal understanding of what keyboard-interactive really does. What does it do, and should I have my clients set it to off in sshd_config?

keyboard-interactive would ask the user for a password. You could be doing something a bit different through PAM, but given your query, you probably aren't, and both password and keyboard-interactive are basically equivalent on your system.

Does it allow bruteforcing? Yes, they could attempt to guess your users' passwords. But they are using safe passwords, right?

My advice is:
* Disable password authentication for root (set PermitRootLogin to no or without-password). This is by far the most attacked account, and the one they can do most damage through.

* Do not allow users to use simple passwords (at the very least, the password must not contain the username).

* Ban IPs after X failures (use a tool like fail2ban).

* Locking out an account after X password failures may be an appropriate measure, but it largely depends on your setup (e.g. how should the lock expire, or shall the unlock be manual? Can your clients call your helpdesk and get unlocked?). This would be configured through PAM.

Best regards

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
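To illustrate the "ban IPs after X failures" advice above, here is an added example (not part of the thread, nor fail2ban's own code) that scans constructed sshd auth-log lines, counts failed password and keyboard-interactive attempts per source IP, and lists the addresses a fail2ban-style rule would block along with the usernames each one tried. The log lines, IP addresses and the threshold of 3 are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH's auth.log style (not taken from the original post).
# Note that failures through PAM show up as "keyboard-interactive/pam", not "password".
SAMPLE_LOG = """\
Jul 22 21:40:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 40211 ssh2
Jul 22 21:40:03 host sshd[1203]: Failed keyboard-interactive/pam for root from 203.0.113.5 port 40213 ssh2
Jul 22 21:40:05 host sshd[1205]: Failed password for invalid user admin from 203.0.113.5 port 40215 ssh2
Jul 22 21:40:07 host sshd[1207]: Failed keyboard-interactive/pam for invalid user test from 203.0.113.5 port 40217 ssh2
Jul 22 21:40:09 host sshd[1209]: Accepted publickey for alice from 198.51.100.7 port 50000 ssh2
Jul 22 21:40:11 host sshd[1211]: Failed password for bob from 198.51.100.9 port 50002 ssh2
Jul 22 21:40:13 host sshd[1213]: Accepted password for bob from 198.51.100.9 port 50004 ssh2
"""

# Matches both authentication methods the post calls "basically equivalent".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>password|keyboard-interactive/pam) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def failed_auths(log_text):
    """Yield (ip, user, method, is_invalid_user) for every failed-auth line."""
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield m["ip"], m["user"], m["method"], bool(m["invalid"])


def failures_by_ip(log_text):
    """Count failed attempts per source IP, regardless of method."""
    return Counter(ip for ip, _, _, _ in failed_auths(log_text))


def attempted_users(log_text):
    """Map each source IP to the set of usernames it failed against."""
    users = defaultdict(set)
    for ip, user, _, _ in failed_auths(log_text):
        users[ip].add(user)
    return dict(users)


def ban_candidates(log_text, max_failures=3):
    """Source IPs reaching the failure threshold: what a fail2ban rule would ban."""
    return sorted(ip for ip, n in failures_by_ip(log_text).items() if n >= max_failures)


if __name__ == "__main__":
    for ip in ban_candidates(SAMPLE_LOG):
        print(ip, failures_by_ip(SAMPLE_LOG)[ip], sorted(attempted_users(SAMPLE_LOG)[ip]))
```

A single legitimate typo (198.51.100.9, one failure then success) stays below the threshold, while the scanner hitting root and non-existent accounts is banned.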
