Brute force attack on ssh


Cédric Krier

Apr 8, 2017, 6:40:06 PM
to Tryton
Hi,

The Tryton server very often receives brute force attacks on ssh. To
limit the effectiveness of such attacks, I have set up a rule that prevents
one IP address from making more than 5 new connections in 120 seconds.
This means that if you do an 'hg npull' over ssh, you will be banned for
120 seconds. To avoid such a case you must first create a master
connection using: 'ssh -M -N hg.tryton.org'

The rule happens to be pretty effective. In a few minutes, the rule
already dropped about 15 IPs.

Sorry for the inconvenience but the Internet is a wild space and we must
protect ourselves.

Regards,
--
Cédric Krier - B2CK SPRL
Email/Jabber: cedric...@b2ck.com
Tel: +32 472 54 46 59
Website: http://www.b2ck.com/

Karla Stenger

Apr 8, 2017, 9:53:18 PM
to tryto...@googlegroups.com

2017-04-08 19:38 GMT-03:00 Cédric Krier <cedric...@b2ck.com>:
> To avoid such a case you must first create a master
> connection using: 'ssh -M -N hg.tryton.org'

It asks me for a password. Which kind of authentication is used?



--
-------------------------
Karla  Mª  Stenger  Sábat
karla....@gmail.com

Cédric Krier

Apr 9, 2017, 4:30:06 AM
to tryto...@googlegroups.com
On 2017-04-08 22:52, Karla Stenger wrote:
> 2017-04-08 19:38 GMT-03:00 Cédric Krier <cedric...@b2ck.com>:
>
> > To avoid such a case you must first create a master
> > connection using: 'ssh -M -N hg.tryton.org'
> >
>
> It asks me for a password. Which kind of authentication is used?

Keys only but you must use the hg user.

Karla Stenger

Apr 10, 2017, 1:57:10 PM
to tryto...@googlegroups.com
2017-04-09 5:28 GMT-03:00 Cédric Krier <cedric...@b2ck.com>:
> On 2017-04-08 22:52, Karla Stenger wrote:
> > 2017-04-08 19:38 GMT-03:00 Cédric Krier <cedric...@b2ck.com>:
> >
> > > To avoid such a case you must first create a master
> > > connection using: 'ssh -M -N hg.tryton.org'
> > >
> >
> > It asks me for a password. Which kind of authentication is used?
>
> Keys only but you must use the hg user.

Ok, so what should be done to upload a new key?

Cédric Krier

Apr 10, 2017, 2:20:05 PM
to tryto...@googlegroups.com
On 2017-04-10 14:56, Karla Stenger wrote:
> 2017-04-09 5:28 GMT-03:00 Cédric Krier <cedric...@b2ck.com>:
>
> > On 2017-04-08 22:52, Karla Stenger wrote:
> > > 2017-04-08 19:38 GMT-03:00 Cédric Krier <cedric...@b2ck.com>:
> > >
> > > > To avoid such a case you must first create a master
> > > > connection using: 'ssh -M -N hg.tryton.org'
> > > >
> > >
> > > It asks me for a password. Which kind of authentication is used?
> >
> > Keys only but you must use the hg user.
> >
>
> Ok, so what should be done to upload a new key?

The keys are configured in the bugs.tryton.org profile.

Cédric Krier

Apr 14, 2017, 3:20:06 AM
to Tryton
On 2017-04-09 00:38, Cédric Krier wrote:
> Hi,
>
> The Tryton server very often receives brute force attacks on ssh. To
> limit the effectiveness of such attacks, I have set up a rule that prevents
> one IP address from making more than 5 new connections in 120 seconds.
> This means that if you do an 'hg npull' over ssh, you will be banned for
> 120 seconds. To avoid such a case you must first create a master
> connection using: 'ssh -M -N hg.tryton.org'

Another way is to add the option 'ControlMaster auto' for the hg.tryton.org
host in your ssh_config [1].

[1] http://man.openbsd.org/ssh_config#ControlMaster
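
Added example, not part of the thread and not the server's actual rule: a small model of the limit described in the first post (5 new connections per source IP in 120 seconds), showing why one connection per repository gets dropped while a single master connection does not. The sliding-window semantics, all class and function names, the repository count and the sample IP addresses are assumptions; the thread does not say how the rule is implemented.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 120      # from the thread
MAX_NEW_CONNECTIONS = 5   # from the thread


class NewConnectionLimiter:
    """Assumed model: sliding window over accepted new connections per source IP."""

    def __init__(self, limit=MAX_NEW_CONNECTIONS, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self._accepted = defaultdict(deque)  # src_ip -> timestamps of accepted connections

    def allow(self, src_ip, now):
        recent = self._accepted[src_ip]
        # Forget connections that have aged out of the window.
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.limit:
            return False  # over the limit: the new connection is dropped
        recent.append(now)
        return True


def accepted_count(limiter, src_ip, attempts, gap=1.0, start=0.0):
    """Open `attempts` new connections `gap` seconds apart; return how many get through."""
    return sum(limiter.allow(src_ip, start + i * gap) for i in range(attempts))


def pull_per_repo(limiter, src_ip, repos):
    """No multiplexing: every repository opens its own TCP connection."""
    return repos - accepted_count(limiter, src_ip, repos)  # repositories that fail


def pull_multiplexed(limiter, src_ip, repos):
    """Master connection: one TCP connection, each repository is a channel inside it."""
    return 0 if limiter.allow(src_ip, 0.0) else repos


if __name__ == "__main__":
    # Constructed inputs: documentation-range IPs, 8 repositories, 300 attempts at 1/s.
    print("per-repo failures:", pull_per_repo(NewConnectionLimiter(), "192.0.2.10", 8))
    print("multiplexed failures:", pull_multiplexed(NewConnectionLimiter(), "192.0.2.10", 8))
    print("accepted in 300 s:", accepted_count(NewConnectionLimiter(), "203.0.113.7", 300))
```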