OpenSSH ciphers the bruteforce bots don't know
OpenSSH hardening - brute-force protection, block bots via cipher settings
ushellnotpass# tail -n 7 /etc/ssh/sshd_config
KexAlgorithms curve25519-sha256@libssh.org
HostKeyAlgorithms ssh-ed25519
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com
If you do that, you will find some of your usual botnet friends failing during preauth.
May 3 14:33:40 ushellnotpass sshd[123]:
Unable to negotiate with 58.242.83.XX port 51697: no matching key exchange method found.
Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Well then... bye-bye
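To see which sources fail negotiation after this change, and to catch legitimate clients it locks out, this added example (not from the original post) parses "Unable to negotiate" lines like the one above. The sample log lines, the documentation-range IP addresses and the trusted_ips set are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the sshd format shown above (documentation-range IPs).
SAMPLE_LOG = """\
May  3 14:33:40 host sshd[123]: Unable to negotiate with 203.0.113.7 port 51697: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
May  3 14:35:02 host sshd[130]: Unable to negotiate with 203.0.113.7 port 51811: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
May  3 14:36:10 host sshd[141]: Unable to negotiate with 198.51.100.20 port 40022: no matching cipher found. Their offer: aes128-ctr,aes256-ctr [preauth]
May  3 14:40:00 host sshd[150]: Accepted publickey for admin from 192.0.2.10 port 50000 ssh2
"""

# kind is "key exchange method", "cipher", "MAC" or "host key type".
NEGOTIATE_RE = re.compile(
    r"sshd\[\d+\]: Unable to negotiate with (?P<ip>\S+) port \d+: "
    r"no matching (?P<kind>.+?) found\. Their offer: (?P<offer>\S+)"
)

def parse_failures(log_text):
    """Yield (ip, kind, [offered algorithms]) for each negotiation failure."""
    for line in log_text.splitlines():
        m = NEGOTIATE_RE.search(line)
        if m:
            yield m["ip"], m["kind"], m["offer"].split(",")

def summarize(log_text):
    """Count failures per (ip, kind) and collect what each source offered."""
    counts = Counter()
    offers = defaultdict(set)
    for ip, kind, offer in parse_failures(log_text):
        counts[(ip, kind)] += 1
        offers[ip].update(offer)
    return counts, offers

def locked_out(log_text, trusted_ips):
    """Trusted sources that failed negotiation, i.e. clients the new settings broke."""
    return sorted({ip for ip, _, _ in parse_failures(log_text) if ip in trusted_ips})

if __name__ == "__main__":
    counts, offers = summarize(SAMPLE_LOG)
    for (ip, kind), n in counts.most_common():
        print(f"{ip}: {n}x no matching {kind}; offered {sorted(offers[ip])}")
    # Assumption: 198.51.100.20 stands in for a known admin workstation.
    print("trusted clients locked out:", locked_out(SAMPLE_LOG, {"198.51.100.20"}))
```

Run `sshd -t` to validate the edited sshd_config before reloading, and keep an existing session open until a fresh login with the restricted algorithms succeeds.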
Feb 20, 2024: I did this on the 19th on a Linux system (the day before the following screenshot):
Sumo Logic Linux monitoring - Brute Force bots gone after this change was effective.
I don’t say security by obscurity will work against serious threat actors.