[ale] any suggestions on an automated method for blocking repeated failed ssh login attempts?
Geoffrey Myers
lists at serioustechnology.com
Tue Dec 28 09:17:23 EST 2010
Michael H. Warfield wrote:
> What you have just described, to me, screams "smart keys". Putty,
> Absolute telnet, et al ssh clients support these things and this is the
> only really effective way to deal with this. The keys are on a USB
> smart-key (NOT a USB memory key or SSD) or a smart card w/ reader and
> you don't need to worry about this. They CANNOT screw it up. They have
> to enter a PIN and get it right. No intruder, NO INTRUDER, can extract
> that private key. The gov has these keys now. I forget the acronym but
> it's something like UAC (Universal Access Control) or some such. This
> is a solved problem and ssh works with it very well. I have keys on my
> Aladdin smart key for ssh access. You would have to steal the key and
> beat the PIN out of me (3 failures locks the key and requires a security
> officer key to reactivate).
This is some good stuff. :) So, can you define 'usb smart key?'
--
Until later, Geoffrey
"I predict future happiness for America if they can prevent
the government from wasting the labors of the people under
the pretense of taking care of them."
- Thomas Jefferson