OpenSSH daemon security bug?
Michael Stone
mstone at mathom.us
Wed Jan 6 11:56:09 EST 2010
On Tue, Jan 05, 2010 at 01:29:49PM -0800, Jamie Beverly wrote:
>Yes, in fact brute-force ssh-scans do occur quite frequently. Granted,
>they are not as frequent as dictionary scans. However, because even
>"strong" passwords/phrases typically contain less than 40 bits of
>entropy, the time it takes to brute-force even "strong"
>passwords/phrases is finite, and even comparatively brief.
So you don't rate limit attempts or cap failures? Interesting.
Mike Stone
More information about the openssh-unix-dev mailing list