[ale] 300,000 failed login attempts in 6 months!!!

Pat Regan thehead at patshead.com
Tue Aug 19 22:17:13 EDT 2008


Mike Harrison wrote:
>> my servers. I have two local vty's that spawn with a root shell if I
>> ever manage to lock myself out of my box remotely, and not having to
>> remember passwords is so incredibly convenient.
> 
> I've tracked down two cases of cascading server hacks at medium sized 
> ISP's. ie: The gain access to one. The see the connects to the others in 
> your .bash_history file.. and try it. Poof, they have your -other- servers 
> as well. I -do- like the practice of keeping keys on a thumb drive...
> and taking them with you.

If you are using ssh key based authentication you should probably also
be using an ssh-agent and agent forwarding (ssh -A).  You should also
only ever keep your private key on machines that you trust.

If you are using agent forwarding, they have to compromise your one (or
very, very few) machine(s) that you actually have your key stored on
before they can compromise any more.  And you'll still be able to bunny
hop from one machine to another without needing passwords.

If you haven't played with agent forwarding, you're missing out on
something very handy :).

Pat

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
Url : http://mail.ale.org/pipermail/ale/attachments/20080819/e915c510/attachment.bin 


More information about the Ale mailing list