From: "Carlos E. R."
Newsgroups: comp.os.linux.misc
Subject: Re: Is It Time To Replace SSH ???
Date: Sun, 18 Dec 2022 00:51:34 +0100

On 17/12/2022 15.25, Rich wrote:
> 26C.Z969 <26C.Z969@noaada.net> wrote:
>> Strictly "human" attackers are pretty much a historical artifact at
>> this point - unless you're a bank or govt letter agency or some
>> similar high-profile/high-return target. For the rest of the world
>> it's all BOTS - busy busy little bots. They WILL try every
>> password in their book and then start on the random shit. They
>> will come at you from a hundred, a thousand, ten thousand IP
>> ripped-off addresses. They will keep at it for days, months. Just
>> one of a thousand little bot processes running on a few boxes in
>> Romania or Russia that link through "friendly"-looking address
>> ranges (DigitalOcean seems to be the most popular route, the
>> Netherlands seems to be THE path Russians use to APPEAR to be
>> "EU").
>>
>> Been there, see it.
>>
>> SSH isn't "smart" enough to see what a human can plainly see - an
>> attack. We need some "AI" sort of adjunct at this point.
>
> Please detail what your proposed 'smarter' ssh would do given this
> situation.
>
> And, while you are at it, please explain why this should be an activity
> that ssh concerns itself with (thereby adding significant complexity)
> as opposed to this being a network monitoring layer, separate from ssh,
> that monitors and remediates things on behalf of ssh and any other
> services.

Monitoring logs is a kludge.

>
>> A smarter SSH, one intentionally designed for this
>> bot-ridden world, is needed.
>
> Please explain what additional activities your new-ssh would perform,
> given the situation you have described above.

-- 
Cheers,
Carlos E.R.