[Triumf-linux-managers] FYI - credential stuffing list used for SSH dictionary attacks
Andrew Daviel
advax at triumf.ca
Fri Jan 25 18:35:37 PST 2019
There was an announcement recently of some 700 million leaked passwords.
Many of those are in Troy Hunt's password database at
https://haveibeenpwned.com/Passwords
Off and on, I've been logging the passwords used for SSH dictionary
attacks at e.g.
http://andrew.triumf.ca/sshpwd/ssh-failed-passwd.20170827.html
All of 14,000 passwords I've checked so far are in the credential
stuffing list.
So it seems likely that that's what's being used, rather than random
words or character strings. That suggests that if you lose a password in
a website breach, it might be tried against SSH.
As before, we recommend disabling password logins for root in
sshd_config, viz. "PermitRootLogin without-password".
https://arstechnica.com/information-technology/2019/01/hacked-and-dumped-online-773-million-records-with-plaintext-passwords/
--
Andrew Daviel
Tel. +1 604 222 7376 (Pacific Time)
Network Security Manager
TRIUMF - Canada's particle accelerator centre