Re: Securing SSH

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Trey Sizemore wrote:
On Fri Mar 28, 2008 07:47PM, Rudi Ahlers wrote:
Ray Leventhal wrote:
James A. Peltier wrote:
Rudi Ahlers wrote:
Tim Alberts wrote:
So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system.

What's a good way to deal with this?

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

1. Change the default port
2. use only SSH protocol 2
3. Install some brute force protection which can automatically ban an IP on say 5 / 10 failed login attempts 4. ONLY allow SSH access from your IP, if it's static. Or signup for a DynDNS account, and then only allow SSH access from your DynDNS domain

Fail2Ban is a good brute force protector. It works in conjunction with IPTables to block IPs that are "attacking" for a said duration of time. :)


I haven't used Fail2Ban, but I do like what I've been experiencing with apf[1] and sim[2]. The Reactive Address Blocking (RAB) feature in apf is a bit timesaver, but I expect Fail2Ban has something similar. apf is basically an easier (for me, anyway) of managing iptables. Manually banning an ip or block is as easy as adding it to the deny_hosts.rules file and restarting apf. RAB really helps, again imo.


HTH,
-Ray
[1] http://rfxnetworks.com/apf.php
[2] http://rfxnetworks.com/sim.php
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

Here's a quick howto for Suse10.3, but the principles stay the same. Fail2Ban can be used for many other things as well, like FTP, MySQL, SMTP, etc :)


I don't see the how-to...

Sorry, here it is

http://howtoforge.net/fail2ban_opensuse10.3

--

Kind Regards
Rudi Ahlers
CEO, SoftDux

Web:   http://www.SoftDux.com
Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stuff

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux