[CentOS] Securing SSH

Tue Mar 25 21:47:04 UTC 2008
Liam Kirsher <liamk at numenet.com>

Tim,

The important ones, imho --
1. disallow root login
2. disallow password authentication (use keys, as someone else has
described)
3. prevent multiple failed attempts using iptables:
# Log and block repeated attempts to access SSH
# See /proc/net/ipt_recent file for low-level data
# Block attempts to access SSH if 4 or more attempts made in the last 60 secs
-A RH-Firewall-1-INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
-A RH-Firewall-1-INPUT -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -j LOG --log-prefix "SSH REJECT: "
-A RH-Firewall-1-INPUT -p tcp --dport 22 --syn -m recent --name sshattack --rcheck --seconds 60 --hitcount 4 -j REJECT

4. if possible, limit ssh access to your static ip.

That all seems reasonably secure to me!

Liam

Tim Alberts wrote:
> So I setup ssh on a server so I could do some work from home and I
> think the second I opened it every sorry monkey from around the world
> has been trying every account name imaginable to get into the system.
>
> What's a good way to deal with this?

-- 
Liam Kirsher
PGP: http://liam.numenet.com/pgp/
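
Added example (not part of the original message): a small Python model of how the three `-m recent` rules in item 3 evaluate a sequence of SYN packets to port 22, showing which connection attempt is the first to be rejected and when a source is let through again. The class and function names and the sample traffic are constructed for illustration; the model assumes the `recent` module's default of 20 stored timestamps per source.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # assumed default: timestamps the recent module keeps per source


class RecentList:
    """Minimal model of one '-m recent --name <list>' table (hypothetical helper)."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        # --set: record this packet's arrival time; the rule has no target
        self.stamps[src].append(now)

    def rcheck(self, src, now, seconds, hitcount):
        # --rcheck --seconds S --hitcount N: match if at least N recorded
        # packets from src are no older than S seconds (list is not modified)
        recent = [t for t in self.stamps[src] if now - t <= seconds]
        return len(recent) >= hitcount


def filter_syns(events, seconds=60, hitcount=4):
    """events: iterable of (time_in_seconds, source_ip) for SYNs to port 22.
    Returns a list of (time, source_ip, verdict) in arrival order."""
    table = RecentList()
    verdicts = []
    for now, src in events:
        table.set(src, now)  # first rule: --set
        if table.rcheck(src, now, seconds, hitcount):
            verdicts.append((now, src, "REJECT"))  # second and third rule: LOG, REJECT
        else:
            verdicts.append((now, src, "PASS"))  # continues to the later rules
    return verdicts


# Constructed sample traffic (documentation addresses, not real hosts)
SAMPLE = [
    (0, "192.0.2.10"), (5, "192.0.2.10"), (10, "192.0.2.10"),
    (15, "192.0.2.10"),    # 4th SYN inside 60 s
    (20, "192.0.2.10"),    # still counted, because --set runs before the check
    (30, "198.51.100.7"),  # a different source has its own counter
    (90, "192.0.2.10"),    # earlier hits have aged out of the 60 s window
]

if __name__ == "__main__":
    for now, src, verdict in filter_syns(SAMPLE):
        print(f"t={now:>3}s {src:<13} {verdict}")
```

The rules count new connections (SYNs) rather than failed logins, so in this model any client that opens four connections to port 22 within 60 seconds is rejected, and one that keeps retrying stays rejected because each retry is recorded by the `--set` rule.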