[ale] any suggestions on an automated method for blocking repeated failed ssh login attempts?

Geoffrey Myers lists at serioustechnology.com
Tue Dec 28 09:17:23 EST 2010


Michael H. Warfield wrote:

> What you have just described, to me, screams "smart keys".  Putty,
> Absolute telnet, et al ssh clients support these things and this is the
> only really effective way to deal with this.  The keys are on a USB
> smart-key (NOT a USB memory key or SSD) or a smart card w/ reader and
> you don't need to worry about this.  They CANNOT screw it up.  They have
> to enter a PIN and get it right.  No intruder, NO INTRUDER, can extract
> that private key.  The gov has these keys now.  I forget the acronym but
> it's something like UAC (Universal Access Control) or some such.  This
> is a solved problem and ssh works with it very well.  I have keys on my
> Aladden smart key for ssh access.  You would have to steal the key and
> beat the PIN out of me (3 failures locks the key and requires a security
> officer key to reactivate).

This is some good stuff. :)  So, can you define 'usb smart key?'

-- 
Until later, Geoffrey

"I predict future happiness for America if they can prevent
the government from wasting the labors of the people under
the pretense of taking care of them."
- Thomas Jefferson


More information about the Ale mailing list