improving ssh

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Mon Jul 16 22:25:19 EDT 2007


On Jul 14, 2007, at 2:43 PM, Ed Gerck wrote:
> 1. firewall port-knocking to block scanning and attacks
> 2. firewall logging and IP disabling for repeated attacks (prevent DoS,
>    block dictionary attacks)
> 3. pre- and post-filtering to prevent SSH from advertising itself and
>    server OS
> 4. block empty authentication requests
> 5. block sending host key fingerprint for invalid or no username
> 6. drop SSH reply (send no response) for invalid or no username

None of these are crypto issues. The OpenSSH dev list
(http://www.openssh.com/list.html) would almost certainly lend itself to a
more productive discussion of these concerns. Cheers,

--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


