Re: ssh gives "Permission denied, please try again"

On Thu, 17 Jul 2008 19:38:59 +0100, Tony Houghton wrote:

On Thu, 17 Jul 2008 18:33:07 +0100
Ian Rawlings <news06@xxxxxxxxxxxxx> wrote:

Be aware though that this will also allow anyone else to connect to
port 22 on your internal machine, so you will need to keep ssh up to
date, and make sure ssh is configured properly, as hackers routinely
try to log in using large numbers of usernames and passwords, so
either only allow public key authentication or make sure the machine
does not have any standard username and password combinations.

I configure the router to forward a different external port to 22 on my
own PCs. This makes it a little harder for hackers, and also means I can
have different PCs on different external ports. As long as I remember
the right port when using remote clients... Rather than allow password
authentication it's better to carry a USB memory stick with your key
(and a copy of putty can be handy too).


Waste of time.

Keep your machine patched and up to date. Pick a *random* password and
remember it. Configure ssh to only allow those users that actually need to
be able to log in to log in.

For good measure pick usernames that are none obvious, i.e. jonathan would
be a really poor username.

I have never had a box compromised despite many years of being 24x7
connected with *much* better connectivity than a ADSL connection.

For example my logwatch output for today on my 24x7 connected ADSL box

60.191.220.143: 168 times
root/password: 15 times
admin/password: 7 times
test/password: 5 times
admins/password: 2 times
guest/password: 2 times
info/password: 2 times
pgsql/password: 2 times
richard/password: 2 times
sales/password: 2 times
user/password: 2 times
username/password: 2 times
web/password: 2 times
webmaster/password: 2 times
adam/password: 1 time
adm/password: 1 time
administrator/password: 1 time
agent/password: 1 time
alan/password: 1 time
alex/password: 1 time
alias/password: 1 time
amanda/password: 1 time
amavisd/password: 1 time
angel/password: 1 time
apache/password: 1 time
appowner/password: 1 time
appserver/password: 1 time
aptproxy/password: 1 time
backup/password: 1 time
bin/password: 1 time
brett/password: 1 time
clamav/password: 1 time
core/password: 1 time
cyrus/password: 1 time
cyrusimap/password: 1 time
daemon/password: 1 time
dan/password: 1 time
danny/password: 1 time
data/password: 1 time
david/password: 1 time
dean/password: 1 time
desktop/password: 1 time
divine/password: 1 time
eleve/password: 1 time
eppc/password: 1 time
frank/password: 1 time
ftp/password: 1 time
ftpuser/password: 1 time
games/password: 1 time
george/password: 1 time
gnats/password: 1 time
gopher/password: 1 time
halt/password: 1 time
harrypotter/password: 1 time
http/password: 1 time
httpd/password: 1 time
ident/password: 1 time
identd/password: 1 time
irc/password: 1 time
jabber/password: 1 time
james/password: 1 time
jeff/password: 1 time
john/password: 1 time
library/password: 1 time
linux/password: 1 time
list/password: 1 time
lp/password: 1 time
mail/password: 1 time
mailman/password: 1 time
mailnull/password: 1 time
master/password: 1 time
michael/password: 1 time
mike/password: 1 time
mysql/password: 1 time
named/password: 1 time
news/password: 1 time
newsletter/password: 1 time
nfsnobody/password: 1 time
nobody/password: 1 time
office/password: 1 time
operator/password: 1 time
oracle/password: 1 time
party/password: 1 time
paul/password: 1 time
pop/password: 1 time
popa3d/password: 1 time
postfix/password: 1 time
postgres/password: 1 time
postmaster/password: 1 time
proxy/password: 1 time
qtss/password: 1 time
radiomail/password: 1 time
recruit/password: 1 time
robert/password: 1 time
rpc/password: 1 time
rpcuser/password: 1 time
rpm/password: 1 time
samba/password: 1 time
sara/password: 1 time
search/password: 1 time
securityagent/password: 1 time
sgi/password: 1 time
shop/password: 1 time
shutdown/password: 1 time
smmsp/password: 1 time
snort/password: 1 time
spam/password: 1 time
ssh/password: 1 time
sshd/password: 1 time
staff/password: 1 time
stephen/password: 1 time
steven/password: 1 time
sunny/password: 1 time
susan/password: 1 time
sync/password: 1 time
sys/password: 1 time
telnetd/password: 1 time
tokend/password: 1 time
tomcat/password: 1 time
tony/password: 1 time
unknown/password: 1 time
users/password: 1 time
uucp/password: 1 time
virus/password: 1 time
visitor/password: 1 time
webadmin/password: 1 time
webpop/password: 1 time
windowserver/password: 1 time
workshop/password: 1 time
www-data/password: 1 time
www/password: 1 time
wwwrun/password: 1 time
xgridagent/password: 1 time
xgridcontroller/password: 1 time
zzz/password: 1 time
86.3.9.89 (cpc2-hudd7-0-0-cust344.hudd.cable.ntl.com): 380 times
root/password: 163 times
test/password: 6 times
admin/password: 5 times
user/password: 5 times
redtube/password: 4 times
user1/password: 4 times
andrew/password: 3 times
mail/password: 3 times
falcon/password: 2 times
guest/password: 2 times
mysql/password: 2 times
aaliyah/password: 1 time
abby/password: 1 time
abigail/password: 1 time
aidan/password: 1 time
alexa/password: 1 time
alexander/password: 1 time
alexandra/password: 1 time
alexis/password: 1 time
allison/password: 1 time
alyssa/password: 1 time
amanda/password: 1 time
amber/password: 1 time
amelia/password: 1 time
ana/password: 1 time
anna/password: 1 time
anthony/password: 1 time
apple/password: 1 time
arianna/password: 1 time
ashley/password: 1 time
ashlyn/password: 1 time
audrey/password: 1 time
austin/password: 1 time
autumn/password: 1 time
ava/password: 1 time
avery/password: 1 time
bailey/password: 1 time
ben/password: 1 time
benjamin/password: 1 time
brandon/password: 1 time
brian/password: 1 time
brianna/password: 1 time
brooke/password: 1 time
brooklyn/password: 1 time
caleb/password: 1 time
cameron/password: 1 time
carly/password: 1 time
caroline/password: 1 time
chloe/password: 1 time
christopher/password: 1 time
cjohnson/password: 1 time
claire/password: 1 time
cocolino/password: 1 time
connor/password: 1 time
courtney/password: 1 time
cyrus/password: 1 time
daniel/password: 1 time
danielle/password: 1 time
data/password: 1 time
demo/password: 1 time
design/password: 1 time
destiny/password: 1 time
dylan/password: 1 time
elizabeth/password: 1 time
ella/password: 1 time
emily/password: 1 time
emma/password: 1 time
erin/password: 1 time
ethan/password: 1 time
export/password: 1 time
faith/password: 1 time
fedora/password: 1 time
fly/password: 1 time
ftp/password: 1 time
ftpuser/password: 1 time
gabriella/password: 1 time
gabrielle/password: 1 time
gast/password: 1 time
gerry/password: 1 time
grace/password: 1 time
gracie/password: 1 time
guset/password: 1 time
hailey/password: 1 time
hannah/password: 1 time
http/password: 1 time
httpd/password: 1 time
install/password: 1 time
isabella/password: 1 time
isabelle/password: 1 time
jack/password: 1 time
jackson/password: 1 time
jacob/password: 1 time
jada/password: 1 time
james/password: 1 time
jasmine/password: 1 time
jayden/password: 1 time
jenna/password: 1 time
jessica/password: 1 time
jillian/password: 1 time
john/password: 1 time
jordan/password: 1 time
joseph/password: 1 time
joshua/password: 1 time
julia/password: 1 time
justin/password: 1 time
kaitlyn/password: 1 time
kate/password: 1 time
katherine/password: 1 time
katie/password: 1 time
kayla/password: 1 time
kaylee/password: 1 time
kendall/password: 1 time
kennedy/password: 1 time
knoppix/password: 1 time
kylie/password: 1 time
lauren/password: 1 time
leah/password: 1 time
lillian/password: 1 time
lily/password: 1 time
lindsey/password: 1 time
linux/password: 1 time
logan/password: 1 time
mackenzie/password: 1 time
madeline/password: 1 time
madison/password: 1 time
magazine/password: 1 time
maggie/password: 1 time
makayla/password: 1 time
marissa/password: 1 time
mary/password: 1 time
master/password: 1 time
matthew/password: 1 time
maya/password: 1 time
mckenna/password: 1 time
megan/password: 1 time
mia/password: 1 time
michael/password: 1 time
molly/password: 1 time
morgan/password: 1 time
murray/password: 1 time
natalie/password: 1 time
nathan/password: 1 time
newsroom/password: 1 time
nicholas/password: 1 time
nicole/password: 1 time
noah/password: 1 time
olivia/password: 1 time
oracle/password: 1 time
paige/password: 1 time
pass/password: 1 time
password/password: 1 time
peyton/password: 1 time
photo/password: 1 time
postgres/password: 1 time
postmaster/password: 1 time
public/password: 1 time
reagan/password: 1 time
rebecca/password: 1 time
research/password: 1 time
riley/password: 1 time
rootroot/password: 1 time
ryan/password: 1 time
samantha/password: 1 time
sarah/password: 1 time
savannah/password: 1 time
server/password: 1 time
service/password: 1 time
shelby/password: 1 time
sierra/password: 1 time
skylar/password: 1 time
sophia/password: 1 time
sophie/password: 1 time
sydney/password: 1 time
system/password: 1 time
tachel/password: 1 time
taylor/password: 1 time
temp/password: 1 time
test1/password: 1 time
teste/password: 1 time
tester/password: 1 time
testuser/password: 1 time
trinity/password: 1 time
tyler/password: 1 time
victoria/password: 1 time
web/password: 1 time
webmaster/password: 1 time
william/password: 1 time
www-data/password: 1 time
www/password: 1 time
www1/password: 1 time
zachary/password: 1 time
zoe/password: 1 time
86.4.178.133 (cpc1-ando3-0-0-cust644.sotn.cable.ntl.com): 1 time
root/password: 1 time
125.17.156.236: 87 times
root/password: 28 times
admin/password: 9 times
test/password: 7 times
guest/password: 4 times
fluffy/password: 3 times
webmaster/password: 3 times
info/password: 2 times
user/password: 2 times
username/password: 2 times
alan/password: 1 time
alex/password: 1 time
apache/password: 1 time
aron/password: 1 time
backup/password: 1 time
brett/password: 1 time
danny/password: 1 time
data/password: 1 time
ftp/password: 1 time
http/password: 1 time
httpd/password: 1 time
library/password: 1 time
linux/password: 1 time
master/password: 1 time
mike/password: 1 time
mysql/password: 1 time
network/password: 1 time
nobody/password: 1 time
oracle/password: 1 time
sales/password: 1 time
sharon/password: 1 time
shell/password: 1 time
shop/password: 1 time
unix/password: 1 time
webadmin/password: 1 time
word/password: 1 time
www-data/password: 1 time


None of which got anywhere as none of them are in the AllowUsers list. If
you actually bother to look at the passwords that get tried, then anyone
who gets compromised from these dictionary attacks deserves it.


JAB.

--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
St. Andrews, United Kingdom.
.

Relevant Pages

  • Re: OT: password crackers
    ... dictionary of usernames and passwords. ... If you are behind a NAT, do you need to ssh in from outside your ... then don't forward the ssh port internally. ... Some of the attempts are with alphabetically ordered usernames from a list, ...
    (Ubuntu)
  • Internet SSH scans
    ... SSH service. ... happens to run a SSH server at home. ... with different usernames. ...
    (Incidents)
  • [NEWS] SSH service at Dell DRAC4 Denial of Service (Mocana)
    ... SSH service at Dell DRAC4 Denial of Service ... Dell Remote Access Card 4 allows customers to effectively manage ... After the use of such a port scanner, ...
    (Securiteam)
  • Re: Remote Desktop directly to another computer on the network
    ... default port... ... And there is no reason for me to believe that ssh ... When I have a multibillion company I will use the key pair, ... WinSCP for that to access my home SSH server. ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: SSH safety
    ... SSH safety (J.L. ... FC3 missing KDE menu items ... I was wondering how safe it is to open the ssh port up to the internet. ...
    (Fedora)