Re: Ideas for stopping ssh brute force attacks




Michael Gabriel wrote:

Just wanted to get some feedback from the community. Over the last few
days I have noticed my web server and email box have had attempts to ssh to
them using weird names like admin, appuser, nobody, etc. None of these are
valid users. I know that I can block sshd altogether with iptables but
that will not work for us. I did a little research on Google and found
programs like sshguard and sshdfilter. Just wanted to know if anyone had
any experience with anything like these programs or has any other advice.
I really appreciate it.


I don't know if anybody on this list tried SPA (Single Packet Authorization):

http://www.linuxjournal.com/article/9565


As another person mentioned earlier, the idea of using VPN is very good.

I use pfSense and the VPN server inside gives the connecting user an address on a virtual subnet. Each user is given a distinct fixed IP address. Then it's easy to set up firewall rules based on what you allow the user to do. I do 10 Mbps symmetric with a "recycled" 1U Dell PowerEdge 350 (PIII/800, 512 Megs RAM). We do QoS (we have 1 WME Streaming Server, 1 Darwin Streaming On Demand Server, FTP, DNS, SMTP, etc). The CPU usage is very low. I love pfSense a lot. The only thing I struggled with a little was when I tried to authenticate the user with Active Directory (M$ IAS = RADIUS). It works but I have yet to find a way to assign a fixed address to each user. I can do this if I use the pfSense integrated user manager (for VPN).

In another place, I use a CentOS box as a remote gateway using SSH. I changed the SSH port, use DenyHosts, force SSH V2 and forbid password login (SSH key login mandatory). I even got a VBS script for our Winblows users that uses plink (member of the PuTTY family) to connect, authenticate with keys and launch RDP Terminal to connect to the Winblows Terminal Server (all this automated). The only prompt the user has is for entering his remote login name (the user must know it or the connection will be refused).

I did an installer (with Nullsoft's NSIS) so allowed Winblows users can easily install all this: the installer creates icons, protects SSH keys (NTFS encryption), etc. The installer is protected by a password.


Hope this helped!


Guy Boisvert, ing.
IngTegration inc.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
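
An added example, not part of the original message: a small check that an sshd_config matches the gateway setup described above (non-default port, SSH v2 only, password login off, key login on). The port value 2222, the sample files and the assumed defaults are constructed for illustration.

```python
import re

# Assumed defaults for keywords a file leaves unset (assumption: an older
# OpenSSH release that still accepts protocol 1 unless told otherwise).
ASSUMED_DEFAULTS = {"protocol": "2,1", "passwordauthentication": "yes",
                    "pubkeyauthentication": "yes"}

def parse_global(config_text):
    """Return (settings, ports) from the global part of an sshd_config."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                 # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":                     # Match blocks are not evaluated here
            break
        if key == "port":                      # Port may be given several times
            ports.append(value)
        else:
            settings.setdefault(key, value)    # first value for a keyword wins
    return {**ASSUMED_DEFAULTS, **settings}, ports or ["22"]

def audit(config_text):
    """List where a config departs from the setup described in the message."""
    s, ports = parse_global(config_text)
    findings = []
    if "22" in ports:
        findings.append("sshd still listens on port 22")
    if s["protocol"] != "2":
        findings.append("protocol 1 is allowed (Protocol " + s["protocol"] + ")")
    if s["passwordauthentication"].lower() != "no":
        findings.append("password login is allowed")
    if s["pubkeyauthentication"].lower() != "yes":
        findings.append("public key login is disabled")
    return findings

# Constructed sample files, not taken from any real host.
WEAK = "#Port 2222\nProtocol 2,1\nPasswordAuthentication yes\n"
HARDENED = ("Port 2222\nProtocol 2\nPasswordAuthentication no\n"
            "# a later duplicate does not override the first value\n"
            "PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "matches the described setup")
```

Settings inside Match blocks are skipped, so a per-user override that re-enables passwords needs a separate look.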
