06-20-2022, 08:48 AM
SSH brute force attacks
06-21-2022, 11:38 AM
(06-19-2022, 04:53 AM)user641 Wrote: Hello, Your device will be vulnerable in theory, but the risk should be very low if you use a random eight-digit number. Eight digits, that's 100 million combinations, and sshd by default allows six auth tries before it enforces a login grace time of two minutes. So six tries every two minutes. That's 63 years to try all combinations... and that's if the intruder already knows your username. I would be more worried about bugs/vulnerabilities in whatever service(s) I run on the phone.
06-21-2022, 04:45 PM
(06-21-2022, 11:38 AM)bitnick Wrote:(06-19-2022, 04:53 AM)user641 Wrote: Hello, Interesting math perspective!
(as earlier reply mentioned) Mobian Wiki is a great resource.
Since you asked about pin numbers for ssh, a while back I happened to write on securing SSH on Pinephone + it starts with cracking default pin using Hydra - just mirrored to wordpress in case it helps. (Part I also includes the "most popular pin numbers list" - be sure your pin is not on this list).
Part I: Cracking default pin demo + sshd_config settings to mitigate: https://politictech.wordpress.com/2022/0...word-demo/
Part II: Add Key Auth + Learn to check SSH fingerprints: https://politictech.wordpress.com/2022/0...void-mitm/
- RTP
"In the beginner's mind there are many possibilities, in the expert's mind there are few." -Shunryu Suzuki [ Pinephone Original | Pinetab v1 / v2 Enjoyer ] Linux Device Privacy / Security Playlist