show more details in failed attempts in the syslog

Ming-Ching Tiew mingching.tiew at redtone.com
Wed Oct 29 10:52:48 WST 2008


Matt Johnston wrote:
> 
> Also, it takes a fair amount of time to perform an online brute
> force attack against an SSH server. Attackers tend to use
> simple passwords ("chicken" and "alex" were two examples I've seen
> guessed that way). It would seem much better to concentrate
> your defensive efforts on just running John or similar on
> /etc/passwd every now and then.
> 

Well, I agree with you that there is some sensitivity regarding
logging invalid usernames and passwords; however, the motivation
here is not so much "defence". It's more like an "audit trail",
or proof that someone is intentionally attempting an attack and
that it is not casual or accidental.

Just to clarify.

Regards.


