Possibly the biggest security news this past week was the announcement of a bug in OpenSSH that opens it to password cracking. Normally, OpenSSH restricts the number of failed authentication attempts that can occur on an account, but the recently discovered bug can allow 10,000 authentication attempts within a 2-minute window, regardless of the OpenSSH settings.
Now, high-security configurations of OpenSSH would usually require authentication by a private key from the client, but this isn’t always used, for various reasons, and SSH brute-force hacking attempts are a common occurrence on the Internet.
So how do you enable high security when you can’t use private key authentication? Well, the great thing about OpenSSH is that it supports the use of a RADIUS server for authentication requests. Using this integration, it is possible to easily implement 2FA in OpenSSH using GreenRADIUS. Brute-force password hacking solved, whether OpenSSH is vulnerable or not.
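To check whether a server has already seen the kind of burst described above, the following added example (not part of the original post, and not GreenRADIUS or OpenSSH code) scans sshd log lines for a single connection that logged more failed attempts than the configured cap. It assumes syslog-format lines in which each connection logs under its own sshd process ID, a cap of 6 (OpenSSH's default `MaxAuthTries`), and a 120-second window matching the 2-minute figure; the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# sshd failure lines for the password and keyboard-interactive methods.
FAIL = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: "
    r"Failed (?:password|keyboard-interactive\S*) for (?:invalid user )?\S+ "
    r"from (\S+) port \d+"
)

def flag_bursts(lines, limit=6, window=120):
    """Return (pid, source, count) for every sshd process that logged more
    than `limit` failures inside any `window`-second span."""
    seen = defaultdict(list)
    for line in lines:
        m = FAIL.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed one is enough for deltas.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        seen[(m.group(2), m.group(3))].append(ts)
    flagged = []
    for (pid, src), stamps in seen.items():
        stamps.sort()
        start = worst = 0
        for end, t in enumerate(stamps):
            # Slide the window start forward until it spans <= `window` s.
            while (t - stamps[start]).total_seconds() > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst > limit:
            flagged.append((pid, src, worst))
    return flagged

def sample_log():
    """Constructed log: one connection with 9 failures, plus normal noise."""
    lines = [f"Jul 21 10:00:{i:02d} gw sshd[4021]: Failed keyboard-interactive/pam "
             f"for root from 203.0.113.5 port 50122 ssh2" for i in range(9)]
    lines += [f"Jul 21 10:05:{i:02d} gw sshd[{4100 + i}]: Failed password for "
              f"invalid user admin from 198.51.100.7 port {40000 + i} ssh2"
              for i in range(3)]
    lines.append("Jul 21 10:06:00 gw sshd[4200]: Accepted publickey for deploy "
                 "from 192.0.2.10 port 40111 ssh2")
    return lines

if __name__ == "__main__":
    for pid, src, count in flag_bursts(sample_log()):
        print(f"sshd[{pid}] from {src}: {count} failures in one connection")
```

A hit means one connection exceeded the cap that the server settings were supposed to enforce; set `limit` to the `MaxAuthTries` value actually configured on the host.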