Grokbase
Topics Posts Groups | in
x
[ help ]

Re: Securing SSH

View PostFlat  Thread  Threaded | < Prev - Next >
Rudi Ahlers Re: [CentOS] Securing SSH
| +1 vote
[ Profile | Reply to group ] [ Flat  Thread  Threaded ]
Tim Alberts wrote:
> So I setup ssh on a server so I could do some work from home and I
> think the second I opened it every sorry monkey from around the world
> has been trying every account name imaginable to get into the system.
>
> What's a good way to deal with this?
>
> _______________________________________________
> CentOS mailing list
> [email protected: C...@centos.org]
> http://lists.centos.org/mailman/listinfo/centos
>

1. Change the default port
2. use only SSH protocol 2
3. Install some brute force protection which can automatically ban an IP
on say 5 / 10 failed login attempts
4. ONLY allow SSH access from your IP, if it's static. Or signup for a
DynDNS account, and then only allow SSH access from your DynDNS domain

--

Kind Regards
Rudi Ahlers
CEO, SoftDux

Web: http://www.SoftDux.com
Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stugg

_______________________________________________
CentOS mailing list
[email protected: C...@centos.org]
http://lists.centos.org/mailman/listinfo/centos

Thread : Securing SSH
1)
Timothy Alberts So I setup ssh on a server so I could do some work from home and I think the second I opened it...
2)
Mike Kercher iptables, disallow root login via ssh, no valid shell for users that don't need one, strong...
3)
Timothy Alberts iptables..add the ip of the attack source to reject? They keep moving IP, this is very time...
4)
Ingemar Nilsson This is probably not what he meant. You can use a key pair to authenticate with the SSH server and...
5)
John R Pierce stop thinking 'they', that implies theres someone intentionally targetting you. its just viruses...
6)
Timothy Alberts Oh no..they're out there. They're watching us now. They know we're talking about them. :)
7)
Rudi Ahlers 1. Change the default port 2. use only SSH protocol 2 3. Install some brute force protection which...
8)
James A. Peltier Fail2Ban is a good brute force protector. It works in conjunction with IPTables to block IPs that...
9)
Anne Wilson And I can confirm that it's a doddle to set up. The defaults were fine for me - nothing needed...
10)
Timothy Alberts I could do that, but if they already know about it, a simple port scan and they'll probably find it...
11)
Ray Van Dolson If you're talking about people who are just scanning your machine and then doing brute force on the...
12)
Robert Spangler Is an option but a waste of time as a scanner will find the port it was moved to. Agree Fail2ban...
13)
John R Pierce actually, those 'attempts' are coming from virus infected systems which randomly probe for SSH...
14)
Timothy Alberts Just a virus you think? They are some pretty lame account names: judy, frank, bob..However they are...
15)
Timothy Alberts FYI, here's a list of the losers (so far). I suggest everyone wish horrible things happen to these...
16)
Matt Shields DenyHosts - http://denyhosts.sourceforge.net/ Also, when you set it up, set it to download the...
17)
Theo Band [GreenPeak] You could consider to disallow password access. Use only public key authentication. The "attacks"...
18)
David Mackintosh This is what I do. http://wiki.xdroop.com/space/Linux/Limited+SSH+Access
19)
Timothy Alberts That sounds great for getting around a remote dynamic IP address, but some more...
20)
Rudi Ahlers Why? What is on that site which is very specific to the setup?
21)
John R Pierce he's referring to YOUR controlling webpage, which they refer to as my-sshd-access.php there.
22)
Rudi Ahlers aah ok. But that's something he should either not use if necessary, or rather secure with a...
23)
Scott Silva This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --==============01072332=Content-Type:...
24)
John R Pierce if you post your weblogs online, perhaps via an analysis package such as Analog, DO be sure to...
25)
Scott Silva This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --==============52930982=Content-Type:...
26)
David Mackintosh Strictly speaking, yes; however in practice, the number of bots (or, indeed, external users who are...
27)
Tony Placilla Tony Placilla <bofh@jhu.edu> Sr. UNIX Systems Administrator The Sheridan Libraries Johns Hopkins...
28)
Liam Kirsher Tim, The important ones, imho -- 1. disallow root login 2. disallow password authentication (use...
spacer
View PostFlat  Thread  Threaded | < Prev - Next >
Home > Groups > CentOS > Securing SSH (28 posts) > View Post
Grokbase | Groups | Tags | People | Add a group | FAQ | About

Provide feedback | del.icio.us | Credits | Created by John