[CentOS] Ideas for stopping ssh brute force attacks

Wed Jul 23 12:36:56 UTC 2008
David Mackintosh <David.Mackintosh at xdroop.com>

On Mon, Jul 21, 2008 at 04:43:11PM -0400, Bo Lynch wrote:
> just wanted to get some feedback from the community. Over the last few
> days I have noticed my web server and email box have attempted to ssh'd to
> using weird names like admin,appuser,nobody,etc.... None of these are
> valid users. I know that I can block sshd all together with iptables but
> that will not work for us. I did a little research on google and found
> programs like sshguard and sshdfilter. Just wanted to know if anyone had
> any experience with anything like these programs or have any other advice.
> I really appreciate it.

If you have a web server on the same system, you can use php and tcp
wrappers to restrict ssh inbound traffic to known systems, plus give
you a back-door key to permit yourself access from arbitrary systems
on the internet.  

http://wiki.xdroop.com/space/Linux/Limited+SSH+Access

-- 
 /\oo/\
/ /()\ \ David Mackintosh | 
         dave at xdroop.com  | http://www.xdroop.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20080723/0d785390/attachment-0005.sig>