For the second option you can install 'fail2band', when a maximum of retrys arribes that ip is banned for a time what you was defined.
I have it installed since two years ago, and work's great! -----Mensaje original----- De: [email protected] [mailto:[email protected]] En nombre de K R Venkateshan Enviado el: miƩrcoles, 04 de febrero de 2009 8:35 Para: [email protected] Asunto: Query related to "Plaintext Recovery Attack Against SSH" Narayana Smaranas, I read the OpenSSH security advisory about "Plaintext Recovery Attack". But I was not able to get a clear picture of the same. Can someone explain in detail about this "Plaintext Recovery Attack against SSH" ? >From the above advisory, it appears that there are two approaches that could >be adopted, as a solution to this vulnerability; By enabling of CTR-mode ciphers only. or By configuration of connection retries.(Can somebody provide more details) If the second approach of connection retries is to be adopted, what is the proposed solution ? Narayana Smaranas, Venkatesha. Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/ Marc Serra - OiS [email protected] <img> Manxa 1901 S.L. Ctra. Les Tries 85 17800 Olot (Girona) Telf: +34 972 27 64 99 www.manxa.es
