[CentOS] Securing SSH
Rudi Ahlers
Rudi at SoftDux.com
Fri Mar 28 18:38:25 UTC 2008
Trey Sizemore wrote:
> On Fri Mar 28, 2008 07:47PM, Rudi Ahlers wrote:
>
>> Ray Leventhal wrote:
>>
>>> James A. Peltier wrote:
>>>
>>>> Rudi Ahlers wrote:
>>>>
>>>>> Tim Alberts wrote:
>>>>>
>>>>>> So I setup ssh on a server so I could do some work from home and
>>>>>> I think the second I opened it every sorry monkey from around the
>>>>>> world has been trying every account name imaginable to get into
>>>>>> the system.
>>>>>>
>>>>>> What's a good way to deal with this?
>>>>>>
>>>>>> _______________________________________________
>>>>>> CentOS mailing list
>>>>>> CentOS at centos.org
>>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>>
>>>>>>
>>>>> 1. Change the default port
>>>>> 2. use only SSH protocol 2
>>>>> 3. Install some brute force protection which can automatically ban
>>>>> an IP on say 5 / 10 failed login attempts
>>>>> 4. ONLY allow SSH access from your IP, if it's static. Or signup
>>>>> for a DynDNS account, and then only allow SSH access from your
>>>>> DynDNS domain
>>>>>
>>>>>
>>>> Fail2Ban is a good brute force protector. It works in conjunction
>>>> with IPTables to block IPs that are "attacking" for a said duration
>>>> of time. :)
>>>>
>>>>
>>>>
>>> I haven't used Fail2Ban, but I do like what I've been experiencing
>>> with apf[1] and sim[2]. The Reactive Address Blocking (RAB) feature
>>> in apf is a bit timesaver, but I expect Fail2Ban has something
>>> similar. apf is basically an easier (for me, anyway) of managing
>>> iptables. Manually banning an ip or block is as easy as adding it to
>>> the deny_hosts.rules file and restarting apf. RAB really helps, again
>>> imo.
>>>
>>>
>>> HTH,
>>> -Ray
>>> [1] http://rfxnetworks.com/apf.php
>>> [2] http://rfxnetworks.com/sim.php
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>>>
>>>
>> Here's a quick howto for Suse10.3, but the principles stay the same.
>> Fail2Ban can be used for many other things as well, like FTP, MySQL,
>> SMTP, etc :)
>>
>>
>
> I don't see the how-to...
>
>
Sorry, here it is
http://howtoforge.net/fail2ban_opensuse10.3
--
Kind Regards
Rudi Ahlers
CEO, SoftDux
Web: http://www.SoftDux.com
Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stuff
More information about the CentOS
mailing list