public key authentication -- log invalid keys

TheGezer openssh-unix-dev at thegeezer.net
Mon May 5 05:51:18 EST 2014


On 05/02/2014 09:23 AM, Damien Miller wrote:
> On Fri, 2 May 2014, TheGezer wrote:
>
>> yeah i know, but with increasing bandwidth online, and more and more
>> folks using vps with just a public key a silent distributed attack could
>> go on for a couple of years without anything more than just lots of
>> mysterious connection attempts in the logs
> If you think that such an attack might only take "years" then you
> haven't done the math.

i hear you, i really do, but [1] there is more than one way [2] to skin
a cat, and it's a shame to have others' issues (in these two cases bad
random number generators) go unseen due to insufficient logs -- verbose
logging tends only to be turned on for troubleshooting reasons.

[1]http://taint.org/2008/05/16/165301a.html
[2]http://www.darkreading.com/vulnerabilities-and-threats/cryptographers-discover-public-key-infrastructure-flaw/d/d-id/1102851?

>
>> also consider internal breach attempts sitting inside the perimeter
>>
>> and consider that if most people lose their client public key through
>> theft or other they would typically just delete the authkey on the
>> server rather than put it in revoked keys so logging bad attempts would
>> catch these guys too
>>
>> personally, i'm going to patch my sources to have bad attempts logged at
>> a lower loglevel
> ... or you could make a one line config change.

yeah true.
over many systems i'm wondering which would be the easier to do, but
that's a separate issue

>
> -d

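The thread's point is that failed public-key attempts only appear in sshd's log once logging is turned up (the "one line config change"), after which the log becomes useful for spotting distributed key guessing or use of a stolen, since-deleted key. The following is an added example, not code from the thread or from OpenSSH: it parses a constructed set of log lines in the shape sshd emits at a verbose log level (the exact "Failed publickey ..." format and fingerprint style are assumed from OpenSSH and vary by version) and flags users probed with many distinct keys from several sources.

```python
import re
from collections import defaultdict

# Constructed sample lines; format assumed from OpenSSH verbose logging.
SAMPLE_LOG = """\
May  5 05:40:01 vps sshd[2101]: Failed publickey for alice from 198.51.100.7 port 50012 ssh2: RSA SHA256:AAAA1111
May  5 05:40:03 vps sshd[2102]: Failed publickey for alice from 198.51.100.7 port 50013 ssh2: RSA SHA256:BBBB2222
May  5 05:40:05 vps sshd[2103]: Failed publickey for alice from 203.0.113.9 port 41000 ssh2: RSA SHA256:CCCC3333
May  5 05:40:09 vps sshd[2104]: Failed publickey for alice from 203.0.113.10 port 41001 ssh2: RSA SHA256:DDDD4444
May  5 05:41:00 vps sshd[2105]: Accepted publickey for bob from 192.0.2.4 port 52000 ssh2: RSA SHA256:EEEE5555
May  5 05:41:10 vps sshd[2106]: Failed publickey for bob from 192.0.2.4 port 52001 ssh2: RSA SHA256:EEEE5555
"""

# Only the "Failed publickey" lines matter here; "Accepted" lines are skipped.
FAILED_RE = re.compile(
    r"Failed publickey for (?P<user>\S+) from (?P<src>\S+) port \d+ ssh2: "
    r"(?P<ktype>\S+) (?P<fp>\S+)"
)


def summarize_failed_keys(log_text):
    """Per user: set of source addresses, set of key fingerprints, attempt count."""
    per_user = defaultdict(
        lambda: {"sources": set(), "fingerprints": set(), "attempts": 0}
    )
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        rec = per_user[m["user"]]
        rec["sources"].add(m["src"])
        rec["fingerprints"].add(m["fp"])
        rec["attempts"] += 1
    return dict(per_user)


def suspicious_users(summary, min_distinct_keys=3, min_sources=2):
    """Users whose account was tried with many different keys from several hosts."""
    return sorted(
        u for u, r in summary.items()
        if len(r["fingerprints"]) >= min_distinct_keys
        and len(r["sources"]) >= min_sources
    )


if __name__ == "__main__":
    s = summarize_failed_keys(SAMPLE_LOG)
    for user, rec in s.items():
        print(user, rec["attempts"], len(rec["fingerprints"]), len(rec["sources"]))
    print("suspicious:", suspicious_users(s))
```

A single failure with a fingerprint that was previously accepted (bob above) is worth a separate alert in practice, since it is the stolen-then-deleted-key case the thread mentions.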