OpenSSH ciphers the bruteforce bots don't know

https://www.openssh.com/

OpenSSH hardening - brute-force protection, block bots via cipher settings

    ushellnotpass# tail -n 7 /etc/ssh/sshd_config
    KexAlgorithms curve25519-sha256@libssh.org
    HostKeyAlgorithms ssh-ed25519
    Ciphers chacha20-poly1305@openssh.com
    MACs hmac-sha2-512-etm@openssh.com

If you do that, you will find some of your usual botnet friends failing during preauth.

May 3 14:33:40 ushellnotpass sshd[123]: Unable to negotiate with 58.242.83.XX port 51697: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

Well then... bye-bye.
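To measure the effect from the server's own logs, this added example (not from the original page) parses sshd's "Unable to negotiate" lines and tallies rejected peers, the negotiation category that failed, and the algorithms they offered. SERVER_ALLOWED mirrors the sshd_config above; the function names are this example's own, and every sample log line except the first is constructed.

```python
import re
from collections import Counter

# Allowed algorithms from the sshd_config on this page, keyed by sshd's failure category.
SERVER_ALLOWED = {
    "key exchange method": {"curve25519-sha256@libssh.org"},
    "host key type": {"ssh-ed25519"},
    "cipher": {"chacha20-poly1305@openssh.com"},
    "MAC": {"hmac-sha2-512-etm@openssh.com"},
}

FAILURE = re.compile(
    r"Unable to negotiate with (?P<ip>\S+) port \d+: "
    r"no matching (?P<category>.+?) found\. Their offer: (?P<offer>\S+)"
)

# First line is the log entry from this page; the rest are constructed samples.
SAMPLE_LOG = """\
May 3 14:33:40 ushellnotpass sshd[123]: Unable to negotiate with 58.242.83.XX port 51697: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
May 3 14:35:02 ushellnotpass sshd[130]: Unable to negotiate with 192.0.2.10 port 40222: no matching cipher found. Their offer: aes128-cbc,3des-cbc [preauth]
May 3 14:35:09 ushellnotpass sshd[131]: Unable to negotiate with 192.0.2.10 port 40230: no matching cipher found. Their offer: aes128-cbc,3des-cbc [preauth]
May 3 14:36:11 ushellnotpass sshd[140]: Accepted publickey for admin from 198.51.100.7 port 50100 ssh2: ED25519 SHA256:constructed
"""

def parse_failure(line):
    """Return ip, category, offer and overlap for a failure line, else None."""
    m = FAILURE.search(line)
    if m is None:
        return None
    offer = m.group("offer").split(",")
    allowed = SERVER_ALLOWED.get(m.group("category"), set())
    # Overlap should be empty; if not, SERVER_ALLOWED is out of sync with sshd.
    return {"ip": m.group("ip"), "category": m.group("category"),
            "offer": offer, "overlap": sorted(allowed & set(offer))}

def summarize(log_text):
    """Tally rejected peers by source, failed category and offered algorithm."""
    by_ip, by_category, offered = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        hit = parse_failure(line)
        if hit:
            by_ip[hit["ip"]] += 1
            by_category[hit["category"]] += 1
            offered.update(hit["offer"])
    return by_ip, by_category, offered

if __name__ == "__main__":
    for counter in summarize(SAMPLE_LOG):
        print(counter.most_common(3))
```

A non-empty `overlap` on real logs means the allow-list in the script no longer matches the running sshd configuration and should be updated.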

 

Feb 20, 2024: I did this on the 19th on a Linux system (the day before the following screenshot):

[Screenshot 2024-02-20 at 10.53.53.png: Sumo Logic Linux monitoring - brute-force bots gone after this change was effective.]

I'm not saying security by obscurity will work against serious threat actors.
