Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.os.linux.misc > #36634

Re: Is It Time To Replace SSH ???

Subject Re: Is It Time To Replace SSH ???
Newsgroups comp.os.linux.misc
References (8 earlier) <63acb715@news.ausics.net> <hcqcnWDVsOsbgjD-nZ2dnZfqnPidnZ2d@earthlink.com> <87358yhg79.fsf@usenet.ankman.de> <AI-dncidY4wo2jP-nZ2dnZfqnPSdnZ2d@earthlink.com> <slrntqspgn.38j.spamtrap42@one.localnet>
From "26C.Z969" <26C.Z969@noaada.net>
Date 2022-12-31 00:12 -0500
Message-ID <4aycnUL4RfE2WTL-nZ2dnZfqn_udnZ2d@earthlink.com> (permalink)

Show all headers | View raw

On 12/29/22 11:16 PM, Robert Riches wrote:
> On 2022-12-30, 26C.Z969 <26C.Z969@noaada.net> wrote:
>> On 12/29/22 1:33 AM, Andreas Kohlbach wrote:
>>> On Thu, 29 Dec 2022 00:02:46 -0500, 26C.Z969 wrote:
>>>>
>>>> On 12/28/22 4:37 PM, Computer Nerd Kev wrote:
>>>>>
>>>>> The most effective response to a distributed attack will just be
>>>>> for it to block _all_ SSH connections, with effectiveness
>>>>> decreasing from that point as it invents ways to try and ID real
>>>>> humans.
>>>>
>>>>     I've personal experience with such attacks lasting MONTHS -
>>>>     even AFTER I changed SSH to a new net-facing port. Once one
>>>>     bot finds an interesting port it passes the info along.
>>>>     Such is the modern world. So ... blocking all traffic
>>>>     is in NO way a viable defense.
>>>
>>> There is no real threat in my opinion, unless you use weak passwords. And
>>> a little hardening might take away the paranoia: Allow only specific
>>> users. Then no one gets in even if he guesses the right account name
>>> (like "pi" as discussed earlier) and password. Unless you have an account
>>> id "pi" and a weak password.
>>
>>     You mean "123" isn't good ???  :-)
>>
>>     In my current groove I *can* restrict users a fair bit.
>>     That's just ME though - others need to deal with lots
>>     of users who may be connecting through almost any IP
>>     address that day.
>>
>>> Or use host-keys. No one gets in, unless s/he has the right key
>>     The "tighter" things are the HARDER for the regular
>>     users things become too. Pretty quick they petition
>>     a know-nothing boss to cut the crap, or find sneaky
>>     bypasses.
>>
>>     But I'm not sure if there's a good way to make it easy
>>     for the good guys and hell for the others. Everyone
>>     from the giant tech corps on down have been looking,
>>     but so far ......
>>
>>> The traffic will persist, so what. It's like you wish to sush people on
>>> the streets from chatting, because you don't like the noise. Won't
>>> happen. Just ignore it.
>>
>>     Not wise to take that tact TOO far .......
>>
>>     In any event, I asked a question somewhere upstream
>>     about whether SSH might be kinda *obsolete* at this
>>     point. SO much access is now via browser-based apps.
>>     They are as vulnerable in their ways as SSH, but they
>>     are the *preferred* access method now. MAYbe the solution
>>     to SSH is to just turn it OFF forever ?
> 
> Have you considered the solution-for-you of pretending it has
> ceased to exist?  Just uninstall both client and server software
> from all machines you control, and as far as you're concerned it
> has been turned off forever.


   Already did that on several boxes ....

   But one net-facing one remains ... mostly
   for VNC-Over-SSH tunneling - obscure, changing,
   port of course.


> For many/most of the rest of us, browser-based stuff does not fly
> for many or most of the use cases for which we use ssh.

   Well, browser-based CAN do the deed. Some would
   argue "better". Indeed they'll charge you big $$$
   for "better" .......

Back to comp.os.linux.misc | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-15 01:52 -0500
  Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-15 08:39 +0000
    Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-15 10:09 +0000
      Re: Is It Time To Replace SSH ??? Andreas Kohlbach <ank@spamfence.net> - 2022-12-15 18:33 -0500
        Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-16 09:19 +0000
          Re: Is It Time To Replace SSH ??? Roger Blake <rogblake@iname.invalid> - 2022-12-19 00:12 +0000
            Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-19 11:05 +0000
      Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-16 18:21 +0000
        Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-17 07:03 +0000
        Re: Is It Time To Replace SSH ??? Pancho <Pancho.Jones@proton.me> - 2022-12-19 15:46 +0000
          Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-19 16:30 +0000
            Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-20 09:27 +0000
          Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-20 09:10 +0000
            Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-20 09:26 +0000
    Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-16 00:11 -0500
      Re: Is It Time To Replace SSH ??? "Carlos E. R." <robin_listas@es.invalid> - 2022-12-16 09:11 +0100
      Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-16 09:22 +0000
      Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-16 18:26 +0000
  Re: Is It Time To Replace SSH ??? Lew Pitcher <lew.pitcher@digitalfreehold.ca> - 2022-12-15 14:55 +0000
    Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-16 00:16 -0500
      Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-16 09:26 +0000
        Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-17 20:49 -0500
      Re: Is It Time To Replace SSH ??? Popping Mad <rainbow@colition.gov> - 2022-12-26 19:45 -0500
        Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-27 23:32 -0500
  Re: Is It Time To Replace SSH ??? Marco Moock <mo01@posteo.de> - 2022-12-15 18:03 +0100
    Re: Is It Time To Replace SSH ??? Andreas Kohlbach <ank@spamfence.net> - 2022-12-15 18:36 -0500
      Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-16 00:28 -0500
        Re: Is It Time To Replace SSH ??? Andreas Kohlbach <ank@spamfence.net> - 2022-12-16 01:33 -0500
          Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-17 02:08 -0500
            Re: Is It Time To Replace SSH ??? Rich <rich@example.invalid> - 2022-12-17 14:21 +0000
              Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-28 01:23 -0500
                Re: Is It Time To Replace SSH ??? not@telling.you.invalid (Computer Nerd Kev) - 2022-12-29 07:37 +1000
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-29 00:02 -0500
                Re: Is It Time To Replace SSH ??? Andreas Kohlbach <ank@spamfence.net> - 2022-12-29 01:33 -0500
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-29 21:06 -0500
                Re: Is It Time To Replace SSH ??? Robert Riches <spamtrap42@jacob21819.net> - 2022-12-30 04:16 +0000
                Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-30 14:33 +0000
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-31 00:23 -0500
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-31 00:12 -0500
                Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-30 14:31 +0000
                Re: Is It Time To Replace SSH ??? Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2022-12-30 19:09 +0000
                Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-30 20:38 +0000
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-31 00:32 -0500
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-31 01:00 -0500
                Re: Is It Time To Replace SSH ??? Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2022-12-31 20:14 +0000
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2023-01-01 00:17 -0500
        Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-16 09:21 +0000
      Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-16 09:20 +0000
        Re: Is It Time To Replace SSH ??? "Carlos E. R." <robin_listas@es.invalid> - 2022-12-16 10:30 +0100
          Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-16 09:38 +0000
            Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-16 18:29 +0000
              Re: Is It Time To Replace SSH ??? Marc Haber <mh+usenetspam1118@zugschl.us> - 2022-12-16 21:44 +0100
                Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-17 07:05 +0000
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-17 02:31 -0500
                Re: Is It Time To Replace SSH ??? Robert Heller <heller@deepsoft.com> - 2022-12-17 12:59 +0000
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-19 00:22 -0500
                Re: Is It Time To Replace SSH ??? Computer Nerd Kev <not@telling.you.invalid> - 2022-12-19 17:50 +1000
                Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-19 10:13 +0000
                Re: Is It Time To Replace SSH ??? Rich <rich@example.invalid> - 2022-12-17 14:25 +0000
                Re: Is It Time To Replace SSH ??? "Carlos E. R." <robin_listas@es.invalid> - 2022-12-18 00:51 +0100
                Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-18 11:16 +0000
                Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-18 12:02 +0000
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-18 20:57 -0500
                Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-19 10:05 +0000
                Re: Is It Time To Replace SSH ??? "Carlos E. R." <robin_listas@es.invalid> - 2022-12-19 12:24 +0100
                Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-20 09:08 +0000
                Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-19 11:24 +0000
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-20 22:57 -0500
                Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-21 09:35 +0000
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-24 21:29 -0500
                Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-28 09:06 +0000
                Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-19 11:18 +0000
                Re: Is It Time To Replace SSH ??? Marc Haber <mh+usenetspam1118@zugschl.us> - 2022-12-18 14:21 +0100
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-18 21:08 -0500
                Re: Is It Time To Replace SSH ??? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2022-12-19 00:30 -0500
                Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-19 11:26 +0000
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-19 22:17 -0500
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-19 21:40 -0500
                Re: Is It Time To Replace SSH ??? "Carlos E. R." <robin_listas@es.invalid> - 2022-12-19 12:27 +0100
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-19 21:46 -0500
                Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-17 08:58 +0000
                Re: Is It Time To Replace SSH ??? Ted Heise <theise@panix.com> - 2022-12-20 14:24 +0000
                Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2022-12-20 16:14 +0000
                Re: Is It Time To Replace SSH ??? Ted Heise <theise@panix.com> - 2022-12-20 20:58 +0000
          Re: Is It Time To Replace SSH ??? not@telling.you.invalid (Computer Nerd Kev) - 2022-12-17 07:58 +1000
          Re: Is It Time To Replace SSH ??? Andreas Kohlbach <ank@spamfence.net> - 2022-12-16 21:24 -0500
            Re: Is It Time To Replace SSH ??? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2022-12-17 02:03 -0500
              Re: Is It Time To Replace SSH ??? Andreas Kohlbach <ank@spamfence.net> - 2022-12-17 03:47 -0500
                Re: Is It Time To Replace SSH ??? "Carlos E. R." <robin_listas@es.invalid> - 2022-12-17 12:43 +0100
                Re: Is It Time To Replace SSH ??? Andreas Kohlbach <ank@spamfence.net> - 2022-12-17 20:13 -0500
                Re: Is It Time To Replace SSH ??? "Carlos E. R." <robin_listas@es.invalid> - 2022-12-18 23:35 +0100
                Re: Is It Time To Replace SSH ??? Andreas Kohlbach <ank@spamfence.net> - 2022-12-18 18:47 -0500
                Re: Is It Time To Replace SSH ??? "Carlos E. R." <robin_listas@es.invalid> - 2022-12-19 00:59 +0100
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-29 00:32 -0500
                Re: Is It Time To Replace SSH ??? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2022-12-17 10:30 -0500
                Re: Is It Time To Replace SSH ??? Andreas Kohlbach <ank@spamfence.net> - 2022-12-17 20:20 -0500
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-23 22:36 -0500
                Re: Is It Time To Replace SSH ??? Andreas Kohlbach <ank@spamfence.net> - 2022-12-23 23:26 -0500
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-26 01:14 -0500
                Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-26 20:01 +0000
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-26 16:59 -0500
                Re: Is It Time To Replace SSH ??? Computer Nerd Kev <not@telling.you.invalid> - 2022-12-24 14:37 +1000
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-26 01:44 -0500
                Re: Is It Time To Replace SSH ??? not@telling.you.invalid (Computer Nerd Kev) - 2022-12-27 08:33 +1000
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-26 17:58 -0500
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-26 01:51 -0500
                Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2022-12-24 13:49 +0000
                Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-26 01:29 -0500
              Re: Is It Time To Replace SSH ??? "Carlos E. R." <robin_listas@es.invalid> - 2022-12-17 12:41 +0100
  Re: Is It Time To Replace SSH ??? Popping Mad <rainbow@colition.gov> - 2022-12-26 19:41 -0500
    Re: Is It Time To Replace SSH ??? "26C.Z969" <26C.Z969@noaada.net> - 2022-12-27 00:20 -0500
      Re: Is It Time To Replace SSH ??? Popping Mad <rainbow@colition.gov> - 2023-01-10 19:52 -0500
        Re: Is It Time To Replace SSH ??? gazelle@shell.xmission.com (Kenny McCormack) - 2023-01-13 21:21 +0000
          Re: Is It Time To Replace SSH ??? Rich <rich@example.invalid> - 2023-01-13 23:03 +0000
            Re: Is It Time To Replace SSH ??? Andreas Kohlbach <ank@spamfence.net> - 2023-01-13 21:48 -0500
            Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2023-01-14 03:39 +0000
            Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2023-01-14 10:40 +0000
            Re: Is It Time To Replace SSH ??? Pancho <Pancho.Jones@proton.me> - 2023-01-14 11:14 +0000
              Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2023-01-14 11:39 +0000
                Re: Is It Time To Replace SSH ??? Pancho <Pancho.Jones@proton.me> - 2023-01-14 14:04 +0000
                Re: Is It Time To Replace SSH ??? Richard Kettlewell <invalid@invalid.invalid> - 2023-01-14 14:28 +0000
                Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2023-01-14 15:26 +0000
          Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2023-01-14 03:38 +0000
            Re: Is It Time To Replace SSH ??? "26C.Z968" <26C.Z968@noaada.net> - 2023-01-14 01:47 -0500
              Re: Is It Time To Replace SSH ??? Dan Espen <dan1espen@gmail.com> - 2023-01-14 11:24 -0500
                Re: Is It Time To Replace SSH ??? The Natural Philosopher <tnp@invalid.invalid> - 2023-01-14 16:57 +0000

csiph-web