[Info-vax] SSH on VAX - performance impact of break in attempts
VAXman- at SendSpamHere.ORG
Wed Aug 25 07:52:20 EDT 2010
In article <f50a4e16-e9d2-4336-b320-8a9ce58b226e at h19g2000yqb.googlegroups.com>, urbancamo <mark at wickensonline.co.uk> writes:
>On Aug 25, 7:11 am, Ken Robinson <kenrb... at gmail.com> wrote:
>> On Aug 25, 1:53 am, urbancamo <m... at wickensonline.co.uk> wrote:
>>
>> > Good morning,
>>
>> > I have a VAX running Multinet V5.3 under a hobbyist license which has
>> > an SSH server running to allow access for selected remote users. I've
>> > been experiencing a number of break in attempts lately, generally
>> > lasting for several hours each. Each attempt causes the SSH server to
>> > utilise 100% CPU for about 20 seconds (on a VAXstation 4000/90) - this
>> > is having a negative impact for users on overall system performance. I
>> > am using the SSH2 server.
>>
>> > I have attempted a number of strategies to reduce this impact:
>>
>> > 1. I have defined an AllowUsers list so only named users are allowed.
>> > 2. I have set AuthInteractiveFailureTimeout to 30 so that there is a
>> > 30 second delay between login attempts from the same host/session.
>> > 3. I have set RequiredAuthentications to publickey,password so that
>> > both a password and a valid public key are required.
>>
>> > Unfortunately none of these strategies reduce the length of 100% CPU
>> > utilisation for failed login attempts.
>>
>> Change the port for SSH to something other than the default of 22 (and
>> tell the real users of the change). This should eliminate 99% of the
>> breakin attempts.
>>
>> Ken
>
>Thanks Ken,
>
>Yes, that's a good idea.

This is not only a problem with Multinet ssh or with ssh on VMS; it affects
other systems as well. I have advocated changing the listener port from 22
here and in other forums. I have moved all of my ssh servers from 22 to a
port number high up in the ephemeral port range. Nary a squeak from any of
the consoles reporting an ssh breakin attempt now.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
All your spirit rack abuses, come to haunt you back by day.
All your Byzantine excuses, given time, given you away.