Re: Securing SSH




Tim,

The important ones, imho --
1. disallow root login
2. disallow password authentication (use keys, as someone else has described)
3. prevent multiple failed attempts using iptables:
# Log and block repeated attempts to access SSH
# See /proc/net/ipt_recent file for low-level data
# Block attempts to access SSH if 4 or more attempts made in the last 60 secs
-A RH-Firewall-1-INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
-A RH-Firewall-1-INPUT -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -j LOG --log-prefix "SSH REJECT: "
-A RH-Firewall-1-INPUT -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -j REJECT

4. if possible, limit ssh access to your static ip.

That all seems reasonably secure to me!

Liam

Tim Alberts wrote:
> So I setup ssh on a server so I could do some work from home and I
> think the second I opened it every sorry monkey from around the world
> has been trying every account name imaginable to get into the system.
>
> What's a good way to deal with this?
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>

-- 
Liam Kirsher
PGP: http://liam.numenet.com/pgp/
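
An added example, not part of the original post: a small Python model of how the three "recent" rules in item 3 treat a sequence of SYN packets, showing which connection attempt is first rejected and that rejected attempts keep counting because the --set rule records every SYN. The source addresses and timings are constructed, and pkt_list_tot models the module's per-address packet cap (assumed default of 20).

```python
from collections import defaultdict, deque


def simulate(syns, seconds=60, hitcount=4, pkt_list_tot=20):
    """Model the three rules above for (time_s, src_ip) SYNs to port 22.

    Returns (time_s, src_ip, verdict) tuples; verdict is "REJECT" or
    "CONTINUE" (the packet falls through to the rest of the chain).
    """
    # One timestamp ring per source address, like an entry in the
    # "sshattack" list. pkt_list_tot is the assumed per-address cap.
    stamps = defaultdict(lambda: deque(maxlen=pkt_list_tot))
    results = []
    for now, src in sorted(syns):
        # Rule 1 (--set): every SYN is recorded, including ones that
        # rules 2 and 3 go on to log and reject.
        stamps[src].append(now)
        # Rules 2 and 3 (--rcheck --seconds --hitcount): match when at
        # least `hitcount` recorded SYNs fall inside the last `seconds`.
        recent = sum(1 for t in stamps[src] if t >= now - seconds)
        verdict = "REJECT" if recent >= hitcount else "CONTINUE"
        results.append((now, src, verdict))
    return results


def verdicts(results, src):
    """Verdicts for one source address, in time order."""
    return [v for _, ip, v in results if ip == src]


# Constructed sample traffic (documentation addresses, times in seconds).
SAMPLE_SYNS = (
    # A burst of attempts, then more attempts while still inside the window.
    [(t, "203.0.113.7") for t in (0, 5, 10, 15, 50, 70, 80)]
    # A user reconnecting every 25 seconds never reaches 4 SYNs in 60 s.
    + [(t, "198.51.100.20") for t in (0, 25, 50, 75, 100)]
)

if __name__ == "__main__":
    for now, src, verdict in simulate(SAMPLE_SYNS):
        print(f"t={now:>3}s  {src:<14} {verdict}")
```

The fourth SYN inside 60 seconds is the first one rejected, so a legitimate user gets three connection attempts per minute before the rule applies to them as well.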
