[CentOS] Securing SSH

Fri Mar 28 18:38:25 UTC 2008
Rudi Ahlers <Rudi at SoftDux.com>

Trey Sizemore wrote:
> On Fri Mar 28, 2008 07:47PM, Rudi Ahlers wrote:
>   
>> Ray Leventhal wrote:
>>     
>>> James A. Peltier wrote:
>>>       
>>>> Rudi Ahlers wrote:
>>>>         
>>>>> Tim Alberts wrote:
>>>>>           
>>>>>> So I set up ssh on a server so I could do some work from home and 
>>>>>> I think the second I opened it every sorry monkey from around the 
>>>>>> world has been trying every account name imaginable to get into 
>>>>>> the system.
>>>>>>
>>>>>> What's a good way to deal with this?
>>>>>>
>>>>>> _______________________________________________
>>>>>> CentOS mailing list
>>>>>> CentOS at centos.org
>>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>>
>>>>>>             
>>>>> 1. Change the default port
>>>>> 2. Use only SSH protocol 2
>>>>> 3. Install some brute force protection which can automatically ban 
>>>>> an IP on say 5 / 10 failed login attempts
>>>>> 4. ONLY allow SSH access from your IP, if it's static. Or sign up 
>>>>> for a DynDNS account, and then only allow SSH access from your 
>>>>> DynDNS domain
>>>>>
>>>>>           
>>>> Fail2Ban is a good brute force protector.  It works in conjunction  
>>>> with IPTables to block IPs that are "attacking" for a said duration  
>>>> of time. :)
>>>>
>>>>
>>>>         
>>> I haven't used Fail2Ban, but I do like what I've been experiencing 
>>> with apf[1] and sim[2].  The Reactive Address Blocking (RAB) feature 
>>> in apf is a big timesaver, but I expect Fail2Ban has something 
>>> similar.  apf is basically an easier (for me, anyway) way of managing 
>>> iptables.  Manually banning an ip or block is as easy as adding it to 
>>> the deny_hosts.rules file and restarting apf.  RAB really helps, again 
>>> imo.
>>>
>>>
>>> HTH,
>>> -Ray
>>> [1] http://rfxnetworks.com/apf.php
>>> [2] http://rfxnetworks.com/sim.php
>>>
>>>       
>> Here's a quick howto for Suse10.3, but the principles stay the same.  
>> Fail2Ban can be used for many other things as well, like FTP, MySQL,  
>> SMTP, etc  :)
>>
>>     
>
> I don't see the how-to...
>
>   
Sorry, here it is

http://howtoforge.net/fail2ban_opensuse10.3

-- 

Kind Regards
Rudi Ahlers
CEO, SoftDux

Web:   http://www.SoftDux.com
Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stuff