[CentOS] sshd hack

Fri Mar 10 21:43:34 UTC 2006
Scot L. Harris <webid at cfl.rr.com>

On Fri, 2006-03-10 at 16:32 -0500, Chris Mauritz wrote:
> I'm not really a programmer and I recently came across this hack to 
> insert a short sleep statement into auth-passwd.c within sshd.  It seems 
> to quickly confuse automated dictionary attacks.  I've moved sshd to 
> higher ports but apparently the cretins are now scanning to look for 
> that and attacking on whatever port sshd shows up on. 
> 
> Anyway, the link to the hack is here:
> 
> http://www.aerospacesoftware.com/ssh-kiddies.html
> 
> Just wondering if any of the wizened programmers out there can think of 
> any reason why this would be a bad thing to do.
> 
> Cheers,

Other than remembering to put it back in when you upgrade each time?

Probably a better course of action is to use strong passwords or better
yet set up keys.  Then it does not matter much how long or hard they
guess passwords.  You just have to ignore the noise in your log files.

You could try port knocking.  There are few implementations of that
available and should reduce or eliminate the problem.

But IMHO the best thing to do is make sure you use keys or at least good
strong passwords, disable root ssh access, limit ssh to specific users.
And ignore the noise in the logs.
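
Added example, not part of the original message: a small checker that audits the global section of an sshd_config for the three measures the reply recommends (no root login, keys instead of passwords, a user allow-list). The function names and both sample configs are constructed for illustration.

```python
# Added example: audit an sshd_config for the measures named in the reply.
# effective_settings/audit are hypothetical helper names; samples are constructed.

def effective_settings(text):
    """Return {keyword: value} for the global section of an sshd_config.

    Keywords are case-insensitive and the first value obtained for a
    keyword is the one kept. Parsing stops at the first Match block,
    because settings below it apply only conditionally.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return a list of findings; an empty list means all checks pass."""
    s = effective_settings(text)
    findings = []
    # A missing keyword is reported too, so the result never relies on
    # whatever default the installed sshd build happens to use.
    if s.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    if s.get("passwordauthentication", "").lower() != "no":
        findings.append("PasswordAuthentication is not explicitly 'no'")
    if not s.get("allowusers") and not s.get("allowgroups"):
        findings.append("no AllowUsers/AllowGroups restriction")
    return findings

# Constructed sample: the second PermitRootLogin line is ignored (first wins).
WEAK = """Port 2222
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
"""

# Constructed sample: the Match block does not affect the global result.
HARDENED = """PermitRootLogin no
PasswordAuthentication no
AllowUsers alice bob
Match User alice
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "ok")
```

On a real host, the output of `sshd -T` (the effective configuration) can be passed to `audit()` in place of the raw file.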