[CentOS] Securing SSH

Wed Mar 26 00:33:02 UTC 2008
Robert Spangler <mlists at zoominternet.net>

On Tuesday 25 March 2008 12:55, Rudi Ahlers wrote:

>  Tim Alberts wrote:
>  > So I setup ssh on a server so I could do some work from home and I
>  > think the second I opened it every sorry monkey from around the world
>  > has been trying every account name imaginable to get into the system.
>  >
>  > What's a good way to deal with this?
>  >
>  > _______________________________________________
>  > CentOS mailing list
>  > CentOS at centos.org
>  > http://lists.centos.org/mailman/listinfo/centos
>
>  1. Change the default port

Is an option but a waste of time as a scanner will find the port it was moved 
to.

>  2. use only SSH protocol 2

Agree

>  3. Install some brute force protection which can automatically ban an IP
>  on say 5 / 10 failed login attempts

Fail2ban comes to mind.

>  4. ONLY allow SSH access from your IP, if it's static. Or signup for a
>  DynDNS account, and then only allow SSH access from your DynDNS domain

I would suggest using keys for logins.  No password needed and if the 
connecting machine doesn't have the key they don't get a chance to guess at 
the password.

The idea of only allowing for strict ip address is good but what if you are on 
the move?  Now you cannot log in either, but if you are using a key no matter 
where you are you have access.


-- 

Regards
Robert

Smile... it increases your face value!
Linux User #296285
http://counter.li.org