[CentOS] Securing SSH

Tue Apr 15 17:52:59 UTC 2008
Ned Slider <nedslider at pendre.co.uk>

Tim Alberts wrote:
> Ned Slider wrote:
>>> Tim Alberts wrote:
>>>> So I setup ssh on a server so I could do some work from home and I 
>>>> think the second I opened it every sorry monkey from around the 
>>>> world has been trying every account name imaginable to get into the 
>>>> system.
>>>> What's a good way to deal with this?
>> The Wiki has an article here on just this:
>> http://wiki.centos.org/HowTos/Network/SecuringSSH
> I've been experimenting with the iptables filtering with the recent 
> module, but I have not yet had success.  I do have my default policy to 
> reject with icmp and I've read the note that the default should be 
> DROP.  Is this the problem?

If you just need access from home, I would just open the ssh port to 
your home IP address. If this isn't possible because you don't have a 
static IP at home, maybe moving to a non-standard port and/or 
configuring public/private keys (and disabling password authentication) 
would be sufficient. IPTables isn't the only way to crack this 
particular nut.