Max connections per client?


Max connections per client?

by Jeremy C. Reed

I thought I saw a patch or feature for an sshd for blocking max
connections per client, max failed authentication attempts per client,
and/or max authentication attempts per client. Does anyone know about
that?

Or do any less popular open source SSH servers provide that? (Keep counter
of connections, attempts, failures per client?)

Re: Max connections per client?

by H. Kurth Bemis

On Thu, 2009-07-09 at 08:45 -0500, Jeremy C. Reed wrote:
> I thought I saw a patch or feature for an sshd for blocking max
> connections per client, max failed authentication attempts per client,
> and/or max authentication attempts per client. Does anyone know about
> that?
>
> Or do any less popular open source SSH servers provide that? (Keep counter
> of connections, attempts, failures per client?)

There are a number of perl scripts and what not that will tail your
secure.log and record failed logins and other connection information.

A number of them will also use iptables to block attacking IPs, which
is most useful. :]

You could always hack up a perl script to record that information for
you; I haven't heard of or seen any readily available solution floating
around...

HTH
~k


Re: Max connections per client?

by matteo.filippetto

2009/7/9 Jeremy C. Reed <reed@...>:
> I thought I saw a patch or feature for an sshd for blocking max
> connections per client, max failed authentication attempts per client,
> and/or max authentication attempts per client. Does anyone know about
> that?
>
> Or do any less popular open source SSH servers provide that? (Keep counter
> of connections, attempts, failures per client?)
>

Hi,

Look at the sshd config options. You can find them here:

http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config

In particular there is this option

     NumberOfPasswordPrompts
             Specifies the number of password prompts before giving up.  The
             argument to this keyword must be an integer.  The default is 3.

Bye

--
Matteo Filippetto

Re: Max connections per client?

by matteo.filippetto

2009/7/9 Jeremy C. Reed <reed@...>:
> I thought I saw a patch or feature for an sshd for blocking max
> connections per client, max failed authentication attempts per client,
> and/or max authentication attempts per client. Does anyone know about
> that?
>
> Or do any less popular open source SSH servers provide that? (Keep counter
> of connections, attempts, failures per client?)
>

Sorry,

that was information about the client...

these are the sshd options:

http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config

     MaxAuthTries
             Specifies the maximum number of authentication attempts permitted
             per connection.  Once the number of failures reaches half this
             value, additional failures are logged.  The default is 6.

     MaxSessions
             Specifies the maximum number of open sessions permitted per
             network connection.  The default is 10.

Bye
--
Matteo Filippetto
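As an added example (not from the thread), here is an sshd_config fragment that sets the two options Matteo quotes to tighter values and, going a step beyond the thread, adds the connection-level limits from the same man page: MaxStartups, which applies random early drop to unauthenticated connections in the form start:rate:full, and LoginGraceTime. The address range in the Match block is an assumption for illustration.

```conf
# /etc/ssh/sshd_config fragment (constructed example, not from the thread)

# Per-connection limits, the two options quoted above. Defaults are 6 and 10.
# With MaxAuthTries, failures are logged once they reach half the value.
MaxAuthTries 3
MaxSessions 2

# Limits on connections that have not yet authenticated (assumed additions
# from the same man page). MaxStartups is start:rate:full: once 10
# unauthenticated connections are pending, new ones are refused with
# probability 30%, rising linearly to 100% at 60 pending connections.
MaxStartups 10:30:60
LoginGraceTime 30

# Password guessing needs a password prompt. Refuse password authentication
# globally and re-enable it only for an assumed management network.
PasswordAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
```

Check the file with `sshd -t` before restarting the daemon. Note that all of these are still per-connection counters: MaxAuthTries starts over on every new TCP connection, so a client that reconnects after each refusal is slowed only by the cost of a handshake, which is the gap the log-watching and firewall approaches in the later replies fill.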

Re: Max connections per client?

by Brad Edmondson

Jeremy-
SSH servers do not typically include this; however, you can use
denyhosts or fail2ban to block IPs with too many failed connection
attempts.  It's difficult to use anything other than IP to identify a
brute-force attacker, since they can change almost everything else
(client name, username, client auth key, etc.) and still be successful
in a dictionary attack.  These days, it is also common to see
distributed ssh brute-force attacks, in which many (likely owned)
computers will each try a small number of dictionary attacks, but from
a large number of IPs.

Connection Banning:
Denyhosts: http://denyhosts.sourceforge.net/
fail2ban: http://www.fail2ban.org/wiki/index.php/OpenSSH


You also may want to take a look at port knockers, which are silent
daemons that can open a firewall only to one IP for a limited amount
of time when they receive a series of tcp/udp connection attempts or
(my favorite) in the case of fwknop, a pgp-signed packet that is
authenticating and non-replayable.

Traditional port knocking: https://help.ubuntu.com/community/PortKnocking
Single packet authorization: fwknop: http://www.cipherdyne.org/fwknop/

Regards,
Brad


On Thu, Jul 9, 2009 at 9:45 AM, Jeremy C. Reed<reed@...> wrote:
> I thought I saw a patch or feature for an sshd for blocking max
> connections per client, max failed authentication attempts per client,
> and/or max authentication attempts per client. Does anyone know about
> that?
>
> Or do any less popular open source SSH servers provide that? (Keep counter
> of connections, attempts, failures per client?)
>
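The scripts Kurth describes and the tools Brad names (denyhosts, fail2ban) share one core: count failed-authentication lines in the auth log per source address over a time window and act once a threshold is crossed. The Python below is an added example (not from the thread, and not code from either project) of that counting logic run over constructed OpenSSH log lines, plus the complementary per-username view that exposes the distributed attack Brad mentions, which per-IP counting alone misses. The year, the thresholds and the window are assumptions.

```python
"""Sliding-window count of sshd authentication failures per source address,
the decision logic behind log-watching blockers such as fail2ban and denyhosts.
All log lines below are constructed samples, not real captures."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The two OpenSSH auth-log lines that carry a source address for a failed attempt:
#   "Failed password for [invalid user ]NAME from IP port N ssh2"
#   "Invalid user NAME from IP port N"
FAILURE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?:Failed \S+ for (?:invalid user )?(?P<user1>\S+)|Invalid user (?P<user2>\S+))"
    r" from (?P<ip>\S+)"
)

# Constructed sample: one noisy source, one quiet success, and a slow "root"
# campaign spread across several addresses (the distributed pattern).
SAMPLE_LOG = """\
Jul  9 08:45:10 bastion sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jul  9 08:45:11 bastion sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jul  9 08:45:13 bastion sshd[2004]: Invalid user oracle from 203.0.113.5 port 51240
Jul  9 08:45:14 bastion sshd[2004]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
Jul  9 08:45:16 bastion sshd[2007]: Failed password for root from 203.0.113.5 port 51244 ssh2
Jul  9 08:45:20 bastion sshd[2010]: Accepted publickey for reed from 198.51.100.7 port 40022 ssh2
Jul  9 08:46:02 bastion sshd[2013]: Failed password for root from 198.51.100.20 port 33001 ssh2
Jul  9 08:47:30 bastion sshd[2016]: Failed password for root from 198.51.100.21 port 33002 ssh2
Jul  9 08:49:55 bastion sshd[2019]: Failed password for root from 198.51.100.22 port 33003 ssh2
Jul  9 09:10:00 bastion sshd[2022]: Failed password for reed from 198.51.100.7 port 40030 ssh2
""".splitlines()


def parse_failure(line, year=2009):
    """Return (timestamp, source ip, username) for a failure line, else None.
    Syslog timestamps carry no year, so the caller supplies one (assumed here)."""
    m = FAILURE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["user1"] or m["user2"]


def find_offenders(lines, max_failures=5, window=timedelta(minutes=10), year=2009):
    """Per-IP sliding window: once an address has max_failures failures inside
    `window`, record the timestamp at which it crossed the line. Each address is
    reported once; a real blocker would hand the address to the firewall here."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    offenders = {}
    for line in lines:
        event = parse_failure(line, year)
        if event is None:
            continue
        ts, ip, _user = event
        if ip in offenders:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            offenders[ip] = ts
    return offenders


def find_targeted_users(lines, min_sources=3, year=2009):
    """Per-IP counting misses a distributed dictionary attack, where each source
    sends only a few guesses. Counting distinct sources per username exposes that
    pattern instead. Returns {username: number of distinct source addresses}."""
    sources = defaultdict(set)
    for line in lines:
        event = parse_failure(line, year)
        if event is not None:
            _ts, ip, user = event
            sources[user].add(ip)
    return {user: len(ips) for user, ips in sources.items() if len(ips) >= min_sources}


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip}: crossed the failure threshold at {when:%H:%M:%S}")
    for user, n in find_targeted_users(SAMPLE_LOG).items():
        print(f"user {user!r} guessed from {n} distinct addresses")
```

On the sample, the noisy source crosses five failures within seconds, while the three slow sources never trip the per-IP counter; only the per-username view shows that "root" is being guessed from four addresses. Both lines for one attempt ("Invalid user" and "Failed password for invalid user") are counted, so a threshold should be chosen with that doubling in mind.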

Re: Max connections per client?

by Eric-329

On Thu, 9 Jul 2009 08:45:10 -0500 (CDT)
"Jeremy C. Reed" <reed@...> wrote:

> I thought I saw a patch or feature for an sshd for
> blocking max connections per client, max failed
> authentication attempts per client, and/or max
> authentication attempts per client. Does anyone know
> about that?
>
> Or do any less popular open source SSH servers provide
> that? (Keep counter of connections, attempts, failures
> per client?)

OpenBSD has an option using pf to catch brute-force
attacks.  You basically specify a limit on connection
attempts on a port from one place.  When someone exceeds
those attempts, it adds them to a table and denies them
further access.

Eric
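A pf.conf fragment, added here as an example (not from Eric's message), showing the mechanism he describes: state-tracking options on the ssh rule count new connections per source, any source that exceeds the rate is moved into a table, and a block rule drops everything from listed addresses. The thresholds and the use of the egress interface group are assumptions.

```conf
# /etc/pf.conf fragment (constructed example, not from the thread)

# Addresses that exceed the limits below are added to this table. "persist"
# keeps the table alive even while no rule references it.
table <bruteforce> persist

# Drop traffic from listed addresses before it ever reaches sshd.
block in quick from <bruteforce>

# Pass ssh, tracking each source: more than 5 new connections within 30
# seconds, or more than 10 concurrent ones, moves the source into the table,
# and "flush global" also tears down the states that source already holds.
pass in on egress proto tcp to port ssh flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, overload <bruteforce> flush global)
```

Entries stay in the table until removed, so a periodic `pfctl -t bruteforce -T expire 86400` drops addresses older than a day, and `pfctl -t bruteforce -T show` lists what is currently blocked. Like the log-based blockers, this keys on the source address, so a distributed attack that keeps each source under the rate is not caught by it.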

