[CentOS] Securing SSH
Theo Band [GreenPeak]
theo.band at greenpeak.com
Tue Mar 25 17:45:51 UTC 2008
Tim Alberts wrote:
> So I setup ssh on a server so I could do some work from home and I
> think the second I opened it every sorry monkey from around the world
> has been trying every account name imaginable to get into the system.
>
> What's a good way to deal with this?
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
You could consider to disallow password access.
Use only public key authentication. The "attacks" will remain, but can
never succeed. (The scripts are not smart so they keep trying for hours
sometimes)
sshd_config:
PasswordAuthentication no
Now create a public/private ssh keypair and put the public key in
~/.ssh/authorized_keys on the remote machine.
# local machine*
ssh-keygen -t dsa*
*scp** ~/.ssh/id_dsa.pub remote_host:.ssh/authorized_keys
*# remote host*
**chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
*
To be really save, only allow access from a limited number of IP addresses:
**
cat ~/.ssh/authorized_keys
from="123.345.133.123,home.com,work.com" ssh-dss
AAAAB3NzaC1kc3MA<snip>AqNY= my at email
Theo
More information about the CentOS
mailing list