If one does add such a plugin, it should be in a place where it can delay for an
exponentially increasing time (or return a delay time to SSH). You don't want
to just reject the login, because they might keep hammering you.
From: openssh-unix-dev <openssh-unix-dev-bounces+herbie.robinson=stratus.com at mindrot.org> On Behalf Of Chris Rapier
Sent: Wednesday, October 18, 2023 2:12 PM
To: openssh-unix-dev at mindrot.org
Subject: [EXTERNAL] Re: ssh wish list?
That's a good idea but I think fail2ban might be a better solution to
this than extending the application itself. The main issue being that
maintaining and managing a blocklist like that within ssh might be
cumbersome in large organizations.
On 10/18/23 1:42 PM, Thomas K?ller wrote:
> Some time ago I made a proposal to add a mechanism that would allow a
> hook to be executed whenever an unsuccessful login attempt was made:
>
> https://bugzilla.mindrot.org/show_bug.cgi?id=3384.
>
> The idea was to manage a blacklist to lock out hosts that repeatedly
> attempted to login by trying common passwords. Unfortunately, I could
> not get much attention and gave up on it.
>
> Thomas
>
> On 18.10.23 at 19:13, Chris Rapier wrote:
>> Hey all,
>>
>> So I do some development based on openssh and I'm trying to think of
>> some new projects that might extend the functionality, feature set,
>> user workflow, performance, etc of ssh.
>>
>> So open ended question:
>>
>> Do any of you have a wish list of things you'd like to see in ssh?
>>
>>
>> Mostly I'm just curious to see what the larger community is thinking
>> of rather than being driven entirely by what I think is cool.
>>
>>
>> Chris
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
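The exponentially increasing delay suggested at the top of this message, as an added example that is not part of the thread and is not OpenSSH code. The function names, table size and time constants are hypothetical, and the sketch only computes the delay; how a hook would hand it back to sshd is not specified in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES 64     /* table size (assumed for the example) */
#define BASE_DELAY  1      /* seconds after the first failure (assumed) */
#define MAX_DELAY   3600   /* cap on the delay, in seconds (assumed) */
#define QUIET_RESET 86400  /* forget failures after a quiet day (assumed) */

struct source { char addr[46]; unsigned fails; int64_t last; };
static struct source table[MAX_SOURCES];

/* Find the entry for addr, or reuse the free or least recently seen slot. */
static struct source *lookup(const char *addr) {
    struct source *oldest = &table[0];
    for (int i = 0; i < MAX_SOURCES; i++) {
        if (strncmp(table[i].addr, addr, sizeof table[i].addr) == 0)
            return &table[i];
        if (table[i].last < oldest->last)
            oldest = &table[i];
    }
    memset(oldest, 0, sizeof *oldest);
    strncpy(oldest->addr, addr, sizeof oldest->addr - 1);
    return oldest;
}

/* Record a failed login at time now; return seconds to delay this source. */
int64_t on_failure(const char *addr, int64_t now) {
    struct source *s = lookup(addr);
    if (s->fails && now - s->last > QUIET_RESET)
        s->fails = 0;                 /* long silence: start over */
    s->last = now;
    if (s->fails < 31)
        s->fails++;                   /* bound the shift count below */
    int64_t delay = (int64_t)BASE_DELAY << (s->fails - 1);
    return delay > MAX_DELAY ? MAX_DELAY : delay;
}

/* A successful login clears the source's failure history. */
void on_success(const char *addr) {
    lookup(addr)->fails = 0;
}

int main(void) {
    /* Constructed sample: five failures from one documentation address. */
    for (int i = 0; i < 5; i++)
        printf("failure %d -> delay %lld s\n", i + 1,
               (long long)on_failure("192.0.2.10", 1000 + i));
    return 0;
}
```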