lj·rk on Nostr: You can probably get away with setting LoginGraceTime to something lower than 2m ...
You can probably get away with setting LoginGraceTime to something lower than 2m (even 0s), which will completely eliminate this attack vector but make you more vulnerable to ssh DoS through session exhaustion. But it's probably the quickest fix to roll out.
Published at
2024-07-01 16:41:35
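The trade-off in the post depends on two sshd settings, LoginGraceTime and MaxStartups. The following is an added example, not part of the original post: a small Python audit that reads sshd_config text and reports how those two settings interact. The function names and the sample configurations are constructed for illustration, and the defaults are assumptions taken from sshd_config(5).

```python
import re

# Assumptions taken from sshd_config(5), not from the post: the first value
# seen for a keyword wins, LoginGraceTime defaults to 120 s and 0 disables
# the timer, and MaxStartups defaults to 10:30:100 (start:rate:full).
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_time(value):
    """Convert an sshd time value such as '0s', '90' or '1h30m' to seconds."""
    value = value.strip().lower()
    parts = re.findall(r"(\d+)([smhdw]?)", value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def first_global(config_text, keyword, default):
    """Return the first setting of keyword that appears before any Match block."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        fields = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if fields[0].lower() == "match":
            break                                    # global section ends here
        if fields[0].lower() == keyword.lower() and len(fields) == 2:
            return fields[1].strip().strip('"')
    return default

def audit(config_text):
    """Summarise the two settings the trade-off in the post depends on."""
    grace = parse_time(first_global(config_text, "LoginGraceTime", "120"))
    startups = first_global(config_text, "MaxStartups", "10:30:100")
    if grace == 0:
        note = ("no grace timer: unauthenticated connections never time out, "
                f"so MaxStartups {startups} is the only cap on them")
    else:
        note = f"grace timer fires after {grace}s for unauthenticated connections"
    return {"grace_seconds": grace, "timer_disabled": grace == 0,
            "max_startups": startups, "note": note}

# Constructed sample configurations, not taken from any real host.
STOCK = "Port 22\n#LoginGraceTime 2m\n"
CHANGED = "LoginGraceTime 0s\nMaxStartups 20:50:60\nLoginGraceTime 30\n"

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("changed", CHANGED)):
        print(name, audit(text))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source; this sketch only reads the global section of a file.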