[CentOS] Securing SSH

Tue Mar 25 17:00:18 UTC 2008
James A. Peltier <jpeltier at sfu.ca>

Rudi Ahlers wrote:
> Tim Alberts wrote:
>> So I setup ssh on a server so I could do some work from home and I 
>> think the second I opened it every sorry monkey from around the world 
>> has been trying every account name imaginable to get into the system.
>>
>> What's a good way to deal with this?
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
> 1. Change the default port
> 2. use only SSH protocol 2
> 3. Install some brute force protection which can automatically ban an IP 
> on say 5 / 10 failed login attempts
> 4. ONLY allow SSH access from your IP, if it's static. Or signup for a 
> DynDNS account, and then only allow SSH access from your DynDNS domain
> 

Fail2Ban is a good brute force protector.  It works in conjunction with 
IPTables to block IPs that are "attacking" for a said duration of time. :)


-- 
James A. Peltier
Technical Director, RHCE
SCIRF | GrUVi @ Simon Fraser University - Burnaby Campus
Phone   : 778-782-3610
Fax     : 778-782-3045
Mobile  : 778-840-6434
E-Mail  : jpeltier at cs.sfu.ca
Website : http://gruvi.cs.sfu.ca | http://scirf.cs.sfu.ca
MSN     : subatomic_spam at hotmail.com