On Thu, 2009-08-20 at 15:14 -0500, Eugene Vilensky wrote:
> Hello,
> What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this with keeping the user from making a helpdesk call.
Along with DenyHosts, consider the SSH server options "AllowGroups" and "AllowUsers" to specify the users/groups allowed to connect. My experience is that this will deal with the majority of brute-force attacks, since many of these target "known" user accounts ( "root", "daemon", etc. ) as well as "common names" ( joe, jane, etc. ).
If an attempt is made to log in with a user name not specified by the "AllowGroups" or "AllowUsers" options, the ssh server will reject it as an "invalid user" and throw the connection on the floor, which seems to lighten the load for DenyHosts. Refer to "man sshd_config" for more info.
For myself, with a pretty small user population, I just create a group called "sshusers" ( of course, the name can be whatever you choose ) and put users in that group who need SSH access from outside.
As always, YMMV. ;>
> What are some policies/techniques that have worked for this list with minimal hassle?
> Thanks!
> -Eugene
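To see how much of the guessing traffic an "AllowGroups sshusers" line actually absorbs, the sketch below (an added example, not part of the original thread) sorts sshd log lines into attempts rejected by account policy and failed passwords against accounts that are allowed to log in. The log lines are constructed in the style of OpenSSH's messages in /var/log/secure, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (addresses are from documentation ranges).
SAMPLE_LOG = """\
Aug 20 15:20:01 host sshd[2101]: Invalid user joe from 192.0.2.10
Aug 20 15:20:03 host sshd[2101]: Failed password for invalid user joe from 192.0.2.10 port 40112 ssh2
Aug 20 15:20:07 host sshd[2105]: User root from 192.0.2.10 not allowed because none of user's groups are listed in AllowGroups
Aug 20 15:20:09 host sshd[2105]: Failed password for invalid user root from 192.0.2.10 port 40115 ssh2
Aug 20 15:21:15 host sshd[2110]: Failed password for alice from 198.51.100.7 port 51822 ssh2
Aug 20 15:21:19 host sshd[2110]: Failed password for alice from 198.51.100.7 port 51822 ssh2
Aug 20 15:21:30 host sshd[2110]: Accepted password for alice from 198.51.100.7 port 51822 ssh2
"""

# One pattern per outcome. "Failed password for invalid user ..." lines are
# skipped on purpose: they repeat an attempt already counted by the first two.
PATTERNS = [
    ("unknown_account", re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)")),
    ("not_in_allow_list", re.compile(r"sshd\[\d+\]: User (\S+) from (\S+) not allowed because ")),
    ("allowed_account_failure",
     re.compile(r"sshd\[\d+\]: Failed password for (?!invalid user )(\S+) from (\S+)")),
]

def classify(log_text):
    """Return {category: Counter({(user, source): count})} for sshd lines."""
    result = {name: Counter() for name, _ in PATTERNS}
    for line in log_text.splitlines():
        for name, pattern in PATTERNS:
            m = pattern.search(line)
            if m:
                result[name][(m.group(1), m.group(2))] += 1
                break
    return result

def summarize(log_text):
    """Count attempts stopped by account policy vs. guesses on allowed accounts."""
    c = classify(log_text)
    rejected = sum(c["unknown_account"].values()) + sum(c["not_in_allow_list"].values())
    guessed = sum(c["allowed_account_failure"].values())
    return {"rejected_by_policy": rejected, "guesses_on_allowed_accounts": guessed}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    for (user, src), n in classify(SAMPLE_LOG)["allowed_account_failure"].items():
        print(f"{user} from {src}: {n} failed password(s)")
```

Only the last category involves accounts that can actually log in, so it is the one relevant to a temporary lock-out threshold.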