[CentOS] Ideas for stopping ssh brute force attacks
Rudi at SoftDux.com
Tue Jul 22 14:34:54 UTC 2008
Bowie Bailey wrote:
> Bo Lynch wrote:
>> just wanted to get some feedback from the community. Over the last few
>> days I have noticed my web server and email box have attempted to
>> ssh'd to using weird names like admin,appuser,nobody,etc.... None of
>> these are valid users. I know that I can block sshd all together with
>> iptables but that will not work for us. I did a little research on
>> google and found programs like sshguard and sshdfilter. Just wanted
>> to know if anyone had any experience with anything like these
>> programs or have any other advice. I really appreciate it.
> The simplest thing is to change the port. I know it's "security through
> obscurity", but it works well and can be used along with whatever other
> security enhancements you care to use.
By changing the ports on all our servers to a high (above 1024) port, we
have eliminated SSH scans altogether - been running like that for a few
years now without any problems.
I also add a small script in /etc/profile to email me when someone logs
in via SSH, since only a few privileged ppl should use SSH altogether
Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff
More information about the CentOS