From: "Carlos E. R."
Newsgroups: comp.os.linux.misc
Subject: Re: Is It Time To Replace SSH ???
Date: Fri, 16 Dec 2022 10:30:17 +0100

On 16/12/2022 10.20, The Natural Philosopher wrote:
> On 15/12/2022 23:36, Andreas Kohlbach wrote:
>> On Thu, 15 Dec 2022 18:03:48 +0100, Marco Moock wrote:
>>>
>>> On 15.12.2022 at 01:52:41, 26C.Z969 wrote:
>>>
>>>> SSH is a good oldie for sure. However, it seems to
>>>> be increasingly unfit for the modern realities. There
>>>> are not many straight-up ways to detect/intercept
>>>> aggressive attackers. It was writ for a "kinder,
>>>> gentler" IP universe where distributed attacks did
>>>> not exist. Coping with such threats really, badly,
>>>> needs to be very straight-up and incorporate at least
>>>> a little "AI" sensibility that can maybe "just tell"
>>>> an aggressor from an ordinary client.
>>>
>>> I don't see any alternative. What would you change in the "new"
>>> protocol?
>>
>> More colorful interface may be. ;-)
>>
>>> Attacks on SSH on IPv4 networks exist (mostly brute-force), but just
>>> let it run on an IPv6 address, almost nobody will find it and try to
>>> log in.
>>
>> Also depends on how long an IP is advertising SSH (or other services). I
>> have mine since two years now, and scammers getting busier to get into my
>> SSH. Not that I care or block any of the IPs involved, as they change
>> frequently anyway.
>
> I've had open SSH for years on backbone hosted kit. Everybody tries to
> login as root.
>
> I let them. Root is not allowed to log in.

One idea would be to automatically block the IPs that try to login as
root or other typical names used by bots. That's something a human
operator would do.

-- 
Cheers,
Carlos E.R.
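
The idea in the message above, sketched as an added example that is not part of the original post: scan sshd auth-log lines and collect the source addresses that tried a bait username. The bait list, the allowlisted network and the sample lines are constructed assumptions; the log wording follows the common OpenSSH "Failed password" and "Invalid user" messages.

```python
import ipaddress
import re

# Assumed bait list: names nobody legitimately logs in with on this host.
BAIT_USERS = {"root", "admin", "oracle", "test", "ubuntu"}

# Anchored at the end of the message. Because the user group is greedy, a
# username that itself contains " from <ip> port <n>" cannot replace the
# real peer address that sshd appends last.
ATTEMPT = re.compile(
    r"sshd\[\d+\]: (?:Failed password for (?:invalid user )?|Invalid user )"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+(?: ssh2)?$"
)

def block_candidates(lines, bait=BAIT_USERS, never_block=()):
    """Return {ip: sorted bait names tried}, skipping allowlisted networks."""
    safe = [ipaddress.ip_network(n) for n in never_block]
    hits = {}
    for line in lines:
        m = ATTEMPT.search(line.rstrip())
        if not m or m.group("user") not in bait:
            continue  # real account names and forged names are left alone
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a literal address: ignore rather than guess
        if any(ip in net for net in safe):
            continue  # never lock out the operator's own networks
        hits.setdefault(str(ip), set()).add(m.group("user"))
    return {ip: sorted(users) for ip, users in hits.items()}

# Constructed sample lines (documentation address ranges only).
SAMPLE = [
    "Dec 16 10:01:02 host sshd[811]: Failed password for root from 203.0.113.5 port 51234 ssh2",
    "Dec 16 10:01:09 host sshd[815]: Invalid user admin from 203.0.113.5 port 51301",
    "Dec 16 10:02:40 host sshd[820]: Failed password for invalid user oracle from 2001:db8::bad port 40022 ssh2",
    "Dec 16 10:03:00 host sshd[830]: Failed password for carlos from 198.51.100.20 port 50000 ssh2",
    "Dec 16 10:04:11 host sshd[841]: Failed password for root from 192.0.2.10 port 50111 ssh2",
    # Username forged to look like a log tail naming someone else's address.
    "Dec 16 10:05:30 host sshd[850]: Invalid user root from 198.51.100.20 port 22 from 203.0.113.99 port 4444",
]

if __name__ == "__main__":
    for ip, users in block_candidates(SAMPLE, never_block=["192.0.2.0/24"]).items():
        print(ip, ",".join(users))
```

The returned addresses are only candidates; how they are fed to a firewall or expired again is left to the operator.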