Re: Ideas for stopping ssh brute force attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Bo Lynch wrote:
just wanted to get some feedback from the community. Over the last few
days I have noticed my web server and email box have attempted to ssh'd to
using weird names like admin,appuser,nobody,etc.... None of these are
valid users. I know that I can block sshd all together with iptables but
that will not work for us. I did a little research on google and found
programs like sshguard and sshdfilter. Just wanted to know if anyone had
any experience with anything like these programs or have any other advice.
I really appreciate it.


There's a page on the Wiki with a few suggestions for hardening SSH:

http://wiki.centos.org/HowTos/Network/SecuringSSH

There are a number of measures you can take and employing a few in combination is always a good idea. Strong passwords are a must as is disabling root logins. Firewalling and/or key-based authentication with passwords disabled are great where that is possible. Moving SSH to a non-standard port will certainly reduce your levels of background noise but doesn't necessarily make your setup inherently more secure.

My personal opinion is that there is enough there to work with without having to resort to 3rd party add-ons :)


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux