On 30Jun2017 10:11, Greg Woods <woods@xxxxxxxx> wrote:
On Fri, Jun 30, 2017 at 9:36 AM, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
It's not necessarily a target on *you*, but very probably it's just
targeting any computer that responds to them. Poke, get a response,
keep prodding...
Yeah, pretty much all of this is totally automated these days. [...]
If you have an exposed ssh server, you will see this kind of
doorknob-rattling. I get around it in one of four ways:
You omitted way 0: DO NOT ALLOW PASSWORD BASED SSH. This is the single best
thing you can do. Allowing only key-based access simply prevents all password
based access and is cryptographicly strong, instead human-prose-imagination
strong, which is typically awful.
Way 0(a) is to "PermitRootLogin No" and 0(b) is to have a fixed and small
"AllowUsers" setting.
All your other suggestions come after that in terms of usefulness.
Password remote login: just don't do it.
1) Turn off sshd if
I don't really need it on a given system; 2) Use firewall rules to allow
access only from certain known remote locations (so I can get into my home
system from my desktop at work, for instance); 3) run sshd on a
non-standard port (won't stop the serious bad guys, but is usually good
enough to stop the automated doorknob-rattlers); and 4) If you really have
to have an ssh server that allows access from unknown remote locations, run
something like fail2ban that at least automatically blocks them if they try
too often from the same place. And the most important thing is, any of
these defenses can fail if you make a mistake configuring them (won't
happen because we're all perfect, right? :-) , so the most important thing
you can do is use strong passwords so that the brute force guessing cannot
succeed.
No, the most important thing is to make password guessing pointless.
Cheers,
Cameron Simpson <cs@xxxxxxxxxx>
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
