[CentOS] Securing SSH
Trey Sizemore
trey at fastmail.fm
Fri Mar 28 18:22:12 UTC 2008
On Fri Mar 28, 2008 07:47PM, Rudi Ahlers wrote:
> Ray Leventhal wrote:
>> James A. Peltier wrote:
>>> Rudi Ahlers wrote:
>>>> Tim Alberts wrote:
>>>>> So I setup ssh on a server so I could do some work from home and
>>>>> I think the second I opened it every sorry monkey from around the
>>>>> world has been trying every account name imaginable to get into
>>>>> the system.
>>>>>
>>>>> What's a good way to deal with this?
>>>>>
>>>>> _______________________________________________
>>>>> CentOS mailing list
>>>>> CentOS at centos.org
>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>
>>>> 1. Change the default port
>>>> 2. use only SSH protocol 2
>>>> 3. Install some brute force protection which can automatically ban
>>>> an IP on say 5 / 10 failed login attempts
>>>> 4. ONLY allow SSH access from your IP, if it's static. Or signup
>>>> for a DynDNS account, and then only allow SSH access from your
>>>> DynDNS domain
>>>>
>>>
>>> Fail2Ban is a good brute force protector. It works in conjunction
>>> with IPTables to block IPs that are "attacking" for a said duration
>>> of time. :)
>>>
>>>
>> I haven't used Fail2Ban, but I do like what I've been experiencing
>> with apf[1] and sim[2]. The Reactive Address Blocking (RAB) feature
>> in apf is a bit timesaver, but I expect Fail2Ban has something
>> similar. apf is basically an easier (for me, anyway) of managing
>> iptables. Manually banning an ip or block is as easy as adding it to
>> the deny_hosts.rules file and restarting apf. RAB really helps, again
>> imo.
>>
>>
>> HTH,
>> -Ray
>> [1] http://rfxnetworks.com/apf.php
>> [2] http://rfxnetworks.com/sim.php
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
> Here's a quick howto for Suse10.3, but the principles stay the same.
> Fail2Ban can be used for many other things as well, like FTP, MySQL,
> SMTP, etc :)
>
I don't see the how-to...
--
Cheers,
Trey
----
Adversity is the trial of principle.
Without it, a man hardly knows whether he is honest or not.
--Henry Fielding
Linux valkyrie 2.6.22.17-0.1-bigsmp i686 GNU/Linux
2:21pm up 19:37, 5 users, load average: 0.68, 0.68, 0.65
More information about the CentOS
mailing list