Re: Securing SSH

Tony Placilla <bofh@xxxxxxx>
Sr. UNIX Systems Administrator
The Sheridan Libraries
Johns Hopkins University

>>> On Tue, Mar 25, 2008 at 12:48 PM, in message <47E92CD1.3060804@xxxxxxxxxxxxx>,
Tim Alberts <talberts@xxxxxxxxxxxxx> wrote: 
> So I set up ssh on a server so I could do some work from home and I think 
> the second I opened it every sorry monkey from around the world has been 
> trying every account name imaginable to get into the system.
> 
> What's a good way to deal with this?
> 

I am subject to this on an all too frequent basis. Here's what we've put in place that seems to work.

DenyHosts. It's available through the rpmforge (or Dag's) repo.
Just be sure you edit the config to allow SYNC_DOWNLOAD & create an appropriate allowed.hosts file based upon your needs.

sshd in protocol 2 
privilege separation 
no root logins

and a nifty little PAM trick is to create a group called ssh_users and those that should be able to access the server are put into that as their supplementary group. Edit sshd_config & add
AllowGroups ssh_users

it's part & parcel of the whole "layered security" idea


it's cut the noise in my logs down by 99.9%

plus I sleep better :)

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
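
An added example, not part of the original message or of any project it mentions: a small Python check that reads sshd_config text and reports whether the settings listed in the reply are actually in effect in the global section. The keyword names Protocol, UsePrivilegeSeparation and PermitRootLogin are assumed to be what the reply's list refers to, and the sample config is constructed.

```python
# Added example (not from the post): audit sshd_config text for the listed settings.
EXPECTED = {  # OpenSSH keyword names assumed to match the post's wording
    "protocol": {"2"},
    "useprivilegeseparation": {"yes", "sandbox"},
    "permitrootlogin": {"no"},
}
REQUIRED_GROUP = "ssh_users"  # group name taken from the post


def parse_global(text):
    """Return (first value per keyword, AllowGroups names) before any Match block."""
    first, groups = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, *args = line.split()
        key = key.lower()  # keywords are case-insensitive, arguments are not
        if key == "match":
            break  # conditional blocks are outside the global section
        if key == "allowgroups":
            groups.extend(args)
        elif key not in first:  # sshd uses the first value it obtains
            first[key] = " ".join(args)
    return first, groups


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    first, groups = parse_global(text)
    findings = []
    for key, ok in EXPECTED.items():
        value = first.get(key)
        if value is None:
            findings.append(f"{key}: not set explicitly")
        elif value.lower() not in ok:
            findings.append(f"{key}: effective value is {value!r}")
    if REQUIRED_GROUP not in groups:
        findings.append(f"allowgroups: {REQUIRED_GROUP} not listed")
    return findings

# Constructed sample: the later "permitrootlogin no" does not override the first line.
SAMPLE = """\
Protocol 2
PermitRootLogin yes
UsePrivilegeSeparation yes
permitrootlogin no
AllowGroups ssh_users
"""
```

Calling `audit(SAMPLE)` flags PermitRootLogin, because the earlier `yes` line is the one that takes effect. Treating an unset keyword as a finding is this example's own policy.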

