[CentOS] Securing SSH
Ned Slider
nedslider at pendre.co.uk
Tue Apr 15 17:52:59 UTC 2008
Tim Alberts wrote:
> Ned Slider wrote:
>>
>>> Tim Alberts wrote:
>>>> So I setup ssh on a server so I could do some work from home and I
>>>> think the second I opened it every sorry monkey from around the
>>>> world has been trying every account name imaginable to get into the
>>>> system.
>>>>
>>>> What's a good way to deal with this?
>>>>
>>
>> The Wiki has an article here on just this:
>>
>> http://wiki.centos.org/HowTos/Network/SecuringSSH
>>
> I've been experimenting with the iptables filtering with the recent
> module, but I have not yet had success. I do have my default policy to
> reject with icmp and I've read the note that the default should be
> DROP. Is this the problem?
>
If you just need access from home, I would just open the ssh port to
your home IP address. If this isn't possible because you don't have a
static IP at home, maybe moving to a non-standard port and/or
configuring public/private keys (and disabling password authentication)
would be sufficient. IPTables isn't the only way to crack this
particular nut.
More information about the CentOS
mailing list