[CentOS] Securing SSH

Fri Mar 28 17:47:35 UTC 2008
Rudi Ahlers <Rudi at SoftDux.com>

Ray Leventhal wrote:
> James A. Peltier wrote:
>> Rudi Ahlers wrote:
>>> Tim Alberts wrote:
>>>> So I setup ssh on a server so I could do some work from home and I 
>>>> think the second I opened it every sorry monkey from around the 
>>>> world has been trying every account name imaginable to get into the 
>>>> system.
>>>> What's a good way to deal with this?
>>>> _______________________________________________
>>>> CentOS mailing list
>>>> CentOS at centos.org
>>>> http://lists.centos.org/mailman/listinfo/centos
>>> 1. Change the default port
>>> 2. use only SSH protocol 2
>>> 3. Install some brute force protection which can automatically ban 
>>> an IP on say 5 / 10 failed login attempts
>>> 4. ONLY allow SSH access from your IP, if it's static. Or signup for 
>>> a DynDNS account, and then only allow SSH access from your DynDNS 
>>> domain
>> Fail2Ban is a good brute force protector.  It works in conjunction 
>> with IPTables to block IPs that are "attacking" for a said duration 
>> of time. :)
> I haven't used Fail2Ban, but I do like what I've been experiencing 
> with apf[1]  and sim[2].  The Reactive Address Blocking (RAB) feature 
> in apf is a bit timesaver, but I expect Fail2Ban has something 
> similar.  apf is basically an easier (for me, anyway)  of managing 
> iptables.  Manually banning an ip or block is as easy as adding it to 
> the deny_hosts.rules file and restarting apf.  RAB really helps, again 
> imo.
> HTH,
> -Ray
> [1] http://rfxnetworks.com/apf.php
> [2] http://rfxnetworks.com/sim.php
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
Here's a quick howto for Suse10.3, but the principles stay the same. 
Fail2Ban can be used for many other things as well, like FTP, MySQL, 
SMTP, etc  :)


Kind Regards
Rudi Ahlers
CEO, SoftDux

Web:   http://www.SoftDux.com
Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stuff