[CentOS] Securing SSH

Fri Mar 28 17:40:03 UTC 2008
Ray Leventhal <centos at swhi.net>

James A. Peltier wrote:
> Rudi Ahlers wrote:
>> Tim Alberts wrote:
>>> So I set up ssh on a server so I could do some work from home and I 
>>> think the second I opened it every sorry monkey from around the 
>>> world has been trying every account name imaginable to get into the 
>>> system.
>>>
>>> What's a good way to deal with this?
>>>
>> 1. Change the default port
>> 2. use only SSH protocol 2
>> 3. Install some brute force protection which can automatically ban an 
>> IP on say 5 / 10 failed login attempts
>> 4. ONLY allow SSH access from your IP, if it's static. Or sign up for 
>> a DynDNS account, and then only allow SSH access from your DynDNS domain
>>
>
> Fail2Ban is a good brute force protector.  It works in conjunction 
> with IPTables to block IPs that are "attacking" for a said duration of 
> time. :)
>
>
I haven't used Fail2Ban, but I do like what I've been experiencing with 
apf[1] and sim[2]. The Reactive Address Blocking (RAB) feature in apf 
is a big timesaver, but I expect Fail2Ban has something similar. apf is 
basically an easier (for me, anyway) way of managing iptables. Manually 
banning an IP or block is as easy as adding it to the deny_hosts.rules 
file and restarting apf. RAB really helps, again imo.


HTH,
-Ray
[1] http://rfxnetworks.com/apf.php
[2] http://rfxnetworks.com/sim.php
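
The "ban an IP after 5 / 10 failed login attempts" idea from the quoted list, sketched as an added example that is not part of the original thread and is not Fail2Ban's or apf's code. It assumes the usual OpenSSH "Failed password" line format in /var/log/secure; the function name, thresholds, assumed year and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at both ends and greedy on the user name, so the address is always
# taken from the final "from <ip> port <n>" that sshd itself appends, never
# from text supplied as the user name.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?\s*$"
)

def ips_to_ban(lines, max_failures=5, window=timedelta(minutes=10), year=2008):
    """Return {ip: time of the failure that crossed the threshold}.

    Lines are expected in chronological order, as in the log file.
    """
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue
        # Syslog timestamps carry no year, so one is assumed (parameter above).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            banned[m["ip"]] = when
    return banned

# Constructed sample log: documentation-range addresses, made-up host and users.
SAMPLE = """\
Mar 28 17:01:02 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar 28 17:01:05 gw sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40115 ssh2
Mar 28 17:01:09 gw sshd[2105]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 28 17:01:11 gw sshd[2106]: Failed password for alice from 192.0.2.10 port 51000 ssh2
Mar 28 17:01:14 gw sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 40133 ssh2
Mar 28 17:01:20 gw sshd[2106]: Accepted password for alice from 192.0.2.10 port 51000 ssh2
Mar 28 17:01:21 gw sshd[2109]: Failed password for invalid user guest from 203.0.113.7 port 40140 ssh2
Mar 28 17:01:30 gw sshd[2111]: Failed password for root from 203.0.113.7 port 40150 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in ips_to_ban(SAMPLE).items():
        print(f"{ip} crossed the threshold at {when}")
```

The returned addresses would then be handed to whatever does the blocking, such as an iptables rule or an apf deny entry.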