improving ssh

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Jul 17 01:00:42 EDT 2007


Ed Gerck <edgerck at nma.com> writes:

>Some issues could be minimized by turning off password authentication, which
>is not practical in many cases.

That would probably make things much worse.  A study of SSH attacks a few
years ago showed that nearly two thirds of all SSH private keys were stored on
disk with no protection at all, so that simply being able to read a hard drive
will get you access to any number of systems without having to trojan the SSH
client or plant a keyboard logger as you'd need for an SSH password.  So
turning off password auth would make things less secure, not more.

>1. firewall port-knocking to block scanning and attacks
>2. firewall logging and IP disabling for repeated attacks (prevent DoS, block
>dictionary attacks)

I started work on an paper that looked at doing exactly this based on traces
from SSH scanning attacks a year or two back, and realised that this is an
arms race that you can't win.  No matter what heuristics you use, all an
attacker has to do is change their scanning pattern to avoid them and all your
work is rendered useless.

The reason I never finished the paper (well, apart from that fact that this
type of defence is a lost cause) is because there's a much easier way to do
this than at the firewall or network level.  There's a paper by Pinkas and
Sander, "Securing Passwords Against Dictionary Attacks", later updated by van
Oorschot in a TISSEC paper (sorry, don't have the ref.handy) that contains a
very nice, elegant way to defeat SSH (and, in general, any password-based
protocol) scanning attacks.  I have an RFC draft to add this to SSH on the
back burner, I just haven't finished it yet because (a) too many other things
to do and (b) I'm not sure how it'll be received by the SSH community, who
seem to see public-key auth as the answer to any problem.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list