Re: Securing SSH

[Rudi Ahlers <Rudi@xxxxxxxxxxx>]

Trey Sizemore wrote:
> On Fri Mar 28, 2008 07:47PM, Rudi Ahlers wrote:
>   
> > Ray Leventhal wrote:
> >     
> > > James A. Peltier wrote:
> > >       
> > > > Rudi Ahlers wrote:
> > > >         
> > > > > Tim Alberts wrote:
> > > > >           
> > > > > > So I setup ssh on a server so I could do some work from home and 
> > > > > > I think the second I opened it every sorry monkey from around the 
> > > > > > world has been trying every account name imaginable to get into 
> > > > > > the system.
> > > > > >
> > > > > > What's a good way to deal with this?
> > > > > >
> > > > > > _______________________________________________
> > > > > > CentOS mailing list
> > > > > > CentOS@xxxxxxxxxx
> > > > > > http://lists.centos.org/mailman/listinfo/centos
> > > > > >
> > > > > >             
> > > > > 1. Change the default port
> > > > > 2. use only SSH protocol 2
> > > > > 3. Install some brute force protection which can automatically ban  
> > > > > an IP on say 5 / 10 failed login attempts
> > > > > 4. ONLY allow SSH access from your IP, if it's static. Or signup 
> > > > > for a DynDNS account, and then only allow SSH access from your 
> > > > > DynDNS domain
> > > > >
> > > > >           
> > > > Fail2Ban is a good brute force protector.  It works in conjunction  
> > > > with IPTables to block IPs that are "attacking" for a said duration  
> > > > of time. :)
> > > >
> > > >
> > > >         
> > > I haven't used Fail2Ban, but I do like what I've been experiencing  
> > > with apf[1]  and sim[2].  The Reactive Address Blocking (RAB) feature  
> > > in apf is a bit timesaver, but I expect Fail2Ban has something  
> > > similar.  apf is basically an easier (for me, anyway)  of managing  
> > > iptables.  Manually banning an ip or block is as easy as adding it to  
> > > the deny_hosts.rules file and restarting apf.  RAB really helps, again  
> > > imo.
> > >
> > >
> > > HTH,
> > > -Ray
> > > [1] http://rfxnetworks.com/apf.php
> > > [2] http://rfxnetworks.com/sim.php
> > > _______________________________________________
> > > CentOS mailing list
> > > CentOS@xxxxxxxxxx
> > > http://lists.centos.org/mailman/listinfo/centos
> > >
> > >       
> > Here's a quick howto for Suse10.3, but the principles stay the same.  
> > Fail2Ban can be used for many other things as well, like FTP, MySQL,  
> > SMTP, etc  :)
> >
> >     
>
> I don't see the how-to...
>
>   
Sorry, here it is

http://howtoforge.net/fail2ban_opensuse10.3

--

Kind Regards
Rudi Ahlers
CEO, SoftDux

Web:   http://www.SoftDux.com
Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stuff

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos