On Jul 14, 2007, at 2:43 PM, Ed Gerck wrote:
1. firewall port-knocking to block scanning and attacks
2. firewall logging and IP disabling for repeated attacks (prevent DoS,
block dictionary attacks)
3. pre- and post-filtering to prevent SSH from advertising itself and
server OS
4. block empty authentication requests
5. block sending host key fingerprint for invalid or no username
6. drop SSH reply (send no response) for invalid or no username

None of these are crypto issues. The OpenSSH dev list (http:// www.openssh.com/list.html) would almost certainly lend itself to a more productive discussion of these concerns. Cheers,

Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to