[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#44808: Default to allowing password authentication on leaves users v
|
From: |
Christopher Lemmer Webber |
|
Subject: |
bug#44808: Default to allowing password authentication on leaves users vulnerable |
|
Date: |
Mon, 07 Dec 2020 16:38:37 -0500 |
|
User-agent: |
mu4e 1.4.13; emacs 27.1 |
Leo Famulari writes:
> On Sat, Dec 05, 2020 at 01:22:23PM -0500, Christopher Lemmer Webber wrote:
>> > 2. Change the default value of the relevant field in
>> > <openssh-configuration>.
>> >
>> > #2 is more thorough but also more risky: people could find themselves
>> > locked out of their server after reconfiguration, though this could be
>> > mitigated by a news entry.
>
> I do think we should avoid changing the default. I know that passphrases
> are inherently riskier than keys — compromise is more likely than with a
> key, but I think it's even more likely that people will lose access to
> their servers if we change this default.
>
> How bad is the risk, from a practical perspective? How many times per
> second can a remote attacker attempt passphrase authentication? If the
> number is high, we could petition OpenSSH to introduce a delay.
Some servers try to protect against such systems with something such as
fail2ban. It can help a little, but origin-oriented systems have
serious problems. A simple example is that a botnet can be used to try
logging in from many origins. But origin-oriented designs also don't
hold up in general as one tends to move towards things like p2p
systems... consider if exposing ssh over a tor onion service just how
easy it is to generate lots of onion addresses.
Consider the following though: most users have fairly weak passwords.
Sad, but true... but in the case where that password only is affected by
someone trying to gain login from physical access, it also only affects
physical access brute forcing with the computer on.
A weak password doesn't hold up as well when any server anywhere can
start hammering on it.
Looking at my auth logs, such hammering is super common... most of the
servers I've dealt with tend to have logs filled with bots trying to get
in all the time, and that's in an untargeted case. A targeted case is
worse.
Maybe it's not a good idea to change the default, but yes, the problem
is serious.
- bug#44808: Default to allowing password authentication on leaves users vulnerable, (continued)
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Dr. Arne Babenhauserheide, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/08
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/08
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/10
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/10
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/11
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/08
bug#44808: Default to allowing password authentication on leaves users vulnerable, Leo Famulari, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable,
Christopher Lemmer Webber <=