On 2013-11-02 22:54, Dmitrij D. Czarkoff wrote:
Chris Down said:
On 2013-11-02 11:13, Dmitrij D. Czarkoff wrote:
Irony?
Huh?
Once there was one that was trying to brute force my ssh, but, it was
sent very fast to blacklist.
I looked up a bit, and it was a known (found on web list of banned
IPs) hackers based in Russia.
Only once? You must be a lucky man, because the usual is several
attacks each day ...
Hi all,
I was wondering: I know that ssh is crap once you look at what it
actually does (overcomplex configuration/encapsulation/protocol), so is
there any alternative already in existence? If not, I have a proposal
for one: Shell over SSL.
The reason for SSL is that AFAIK most of the suck in it
On Sun, Nov 03, 2013 at 07:46:25AM +0100, Roberto E. Vargas Caballero wrote:
Once there was one that was trying to brute force my ssh, but, it was
sent very fast to blacklist.
I looked up a bit, and it was a known (found on web list of banned
IPs) hackers based in Russia.
Only once?,
On Sun, 3 Nov 2013 12:26:52 +0200
sin s...@2f30.org wrote:
Word, I get something like ~100 attacks per few minutes. I rate limit
it at the firewall level.
How effective is it to actually bind sshd to another port (like 1337 for
instance)?
Is that a sane defense against those attacks or have
On Sun, Nov 03, 2013 at 09:47:34AM +0100, FRIGN wrote:
On Sun, 3 Nov 2013 12:26:52 +0200
sin s...@2f30.org wrote:
Word, I get something like ~100 attacks per few minutes. I rate limit
it at the firewall level.
How effective is it to actually bind sshd to another port (like 1337 for
On 2013-11-03 09:47, FRIGN wrote:
How effective is it to actually bind sshd to another port (like 1337 for
instance)?
Is that a sane defense against those attacks or have the
attackers advanced in the last few years to a broader portscan?
In my experience, it cuts it down quite
Greetings.
On Sun, 03 Nov 2013 12:43:50 +0100 Markus Wichmann nullp...@gmx.net wrote:
Well, how is it? Critique? Endorsement?
Use ssh, it’s all there. The deployment vs. suck rate is too low in
comparison to what could go wrong implementing such a critical feature
in an insecure way.
On Sun, 3 Nov 2013 19:08:16 +0800
Chris Down ch...@chrisdown.name wrote:
If you do this, you should make sure that you run on a port 1024,
though, otherwise someone could find some way to make your daemon crash
and masquerade as it (which is still protected a little assuming that
your SSH
On 2013-11-03 12:43, Christoph Lohmann wrote:
Use ssh, it’s all there. The deployment vs. suck rate is too low in
comparison to what could go wrong implementing such a critical feature
in an insecure way.
I agree about the last point, but I'm not sure deployment should factor
into it
On Sun, 3 Nov 2013 19:54:41 +0800
Chris Down ch...@chrisdown.name wrote:
Cryptography is a niche. Let the cryptographers do their business, I am
not knowledgeable enough to say what sucks and does not suck in that
arena (other than saying that OpenSSL is one of the worst pieces of shit
I have
Greetings.
On Sun, 03 Nov 2013 12:59:36 +0100 Chris Down ch...@chrisdown.name wrote:
On 2013-11-03 12:43, Christoph Lohmann wrote:
Use ssh, it’s all there. The deployment vs. suck rate is too low in
comparison to what could go wrong implementing such a critical feature
in an
On 2013-11-03 11:07, FRIGN wrote:
I could imagine a fork/rewrite based on OpenSSL's crypto-code, called
s3l (suckless ssl), but see the implicated problems with it. You
can't just rewrite software without having at least one real
specialist to check the code. Looking at OpenSSL, it has
gnutls?
--
Sylvain
On 2013-11-03 15:18, Sylvain BERTRAND wrote:
gnutls?
I'm guessing to say that, you must have never used the horror that is
GnuTLS :-)
PolarSSL is okay-ish, it's GPL though.
gnutls?
I'm guessing to say that, you must have never used the horror that is
GnuTLS :-)
I used it a long time ago, nothing bad to say about it though. I
haven't read its code.
PolarSSL is okay-ish, it's GPL though.
Good for me, I thought it was *BSD-like.
--
Sylvain
On Sun, Nov 03, 2013 at 12:24:38PM -0500, Bobby Powers wrote:
There is a rather nice and complete looking SSH implementation in go:
http://godoc.org/code.google.com/p/go.crypto/ssh
Unfortunately, this is not C, this is a high level language (a
naughty one: its syntax depends on an internal
On Sun, Nov 3, 2013 at 6:52 PM, Sylvain BERTRAND sylw...@legeek.net wrote:
On Sun, Nov 03, 2013 at 12:24:38PM -0500, Bobby Powers wrote:
There is a rather nice and complete looking SSH implementation in go:
http://godoc.org/code.google.com/p/go.crypto/ssh
Unfortunately, this is not C, this is
Greetings.
On Mon, 04 Nov 2013 06:42:40 +0100 Jacob Todd jaketodd...@gmail.com wrote:
On Sun, Nov 3, 2013 at 6:52 PM, Sylvain BERTRAND sylw...@legeek.net wrote:
On Sun, Nov 03, 2013 at 12:24:38PM -0500, Bobby Powers wrote:
There is a rather nice and complete looking SSH implementation in go: