[CentOS] Securing SSH

Tue Mar 25 17:18:19 UTC 2008
Tim Alberts <talberts at msiscales.com>

Rudi Ahlers wrote:
> Tim Alberts wrote:
>> So I setup ssh on a server so I could do some work from home and I 
>> think the second I opened it every sorry monkey from around the world 
>> has been trying every account name imaginable to get into the system.
>>
>> What's a good way to deal with this?
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
> 1. Change the default port
I could do that, but if they already know about it, a simple port scan 
and they'll probably find it again.  Plus I gotta go tell all my client 
programs the new port and I don't know how to do that on most of them 
(what a hassle).

> 2. use only SSH protocol 2
got it.
> 3. Install some brute force protection which can automatically ban an 
> IP on say 5 / 10 failed login attempts
The only software I know that could do this isn't supported anymore 
(trisentry) or is too confusing and I don't know it yet (snort).  
Suggestions?

> 4. ONLY allow SSH access from your IP, if it's static. Or signup for a 
> DynDNS account, and then only allow SSH access from your DynDNS domain
>
Yeah my home account is on dynamic IP.  I'd love to setup the firewall 
to only allow my home computer.  You're talking about these guys?  
http://www.dyndns.com/  never used them before, but it looks like a good 
idea.  Especially since it's free (for 5 hosts) if I read correctly.