[CentOS] Securing SSH

Fri Mar 28 18:22:12 UTC 2008
Trey Sizemore <trey at fastmail.fm>

On Fri Mar 28, 2008 07:47PM, Rudi Ahlers wrote:
> Ray Leventhal wrote:
>> James A. Peltier wrote:
>>> Rudi Ahlers wrote:
>>>> Tim Alberts wrote:
>>>>> So I set up ssh on a server so I could do some work from home and 
>>>>> I think the second I opened it every sorry monkey from around the 
>>>>> world has been trying every account name imaginable to get into 
>>>>> the system.
>>>>>
>>>>> What's a good way to deal with this?
>>>>>
>>>>> _______________________________________________
>>>>> CentOS mailing list
>>>>> CentOS at centos.org
>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>
>>>> 1. Change the default port
>>>> 2. Use only SSH protocol 2
>>>> 3. Install some brute force protection which can automatically ban
>>>> an IP on say 5 / 10 failed login attempts
>>>> 4. ONLY allow SSH access from your IP, if it's static. Or sign up
>>>> for a DynDNS account, and then only allow SSH access from your
>>>> DynDNS domain
>>>>
>>>
>>> Fail2Ban is a good brute force protector.  It works in conjunction  
>>> with IPTables to block IPs that are "attacking" for a said duration  
>>> of time. :)
>>>
>>>
>> I haven't used Fail2Ban, but I do like what I've been experiencing
>> with apf[1] and sim[2].  The Reactive Address Blocking (RAB) feature
>> in apf is a big timesaver, but I expect Fail2Ban has something
>> similar.  apf is basically an easier way (for me, anyway) of managing
>> iptables.  Manually banning an IP or block is as easy as adding it to
>> the deny_hosts.rules file and restarting apf.  RAB really helps, again
>> imo.
>>
>>
>> HTH,
>> -Ray
>> [1] http://rfxnetworks.com/apf.php
>> [2] http://rfxnetworks.com/sim.php
>>
> Here's a quick howto for Suse 10.3, but the principles stay the same.
> Fail2Ban can be used for many other things as well, like FTP, MySQL,
> SMTP, etc. :)
>

I don't see the how-to...

-- 
Cheers,
Trey
----
 
Adversity is the trial of principle.
Without it, a man hardly knows whether he is honest or not. 
                 --Henry Fielding
 
Linux valkyrie 2.6.22.17-0.1-bigsmp i686 GNU/Linux
  2:21pm  up  19:37,  5 users,  load average: 0.68, 0.68, 0.65
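
The counting step behind item 3 of the list quoted above (ban an IP after 5 or 10 failed logins), as an added example that is not part of this thread and is not Fail2Ban's own code. The names `find_offenders`, `max_retry` and `find_time` are hypothetical, the log lines are constructed, and the usual OpenSSH "Failed password for ... from ... port ... ssh2" syslog format is assumed; applying the ban (iptables, apf) is left out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at both ends, with a greedy user field, so the address is always
# taken from the last "from <ip> port <n> ssh2" and never from the user name.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_offenders(lines, max_retry=5, find_time=timedelta(minutes=10), year=2008):
    """Return {ip: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:  # forget failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            banned[m["ip"]] = ts
    return banned

# Constructed sample input (documentation addresses, not real log data).
PREFIX = "Mar 28 18:%02d:%02d host sshd[4242]: Failed password for "
SAMPLE_LOG = sorted(
    # fast guesser: six failures in six seconds
    [PREFIX % (0, s) + f"invalid user {u} from 203.0.113.7 port 40000 ssh2"
     for s, u in enumerate(["admin", "test", "oracle", "guest", "ftp", "www"])]
    # a user mistyping a password twice
    + [PREFIX % (m, 0) + "root from 198.51.100.20 port 40001 ssh2" for m in (1, 2)]
    # slow guesser: five failures, but spread over an hour
    + [PREFIX % (m, 30) + "root from 192.0.2.50 port 40002 ssh2"
       for m in (0, 15, 30, 45, 59)]
    # user name crafted to look as if it carried a source address
    + [PREFIX % (3, 0) + "invalid user x from 192.0.2.99 port 1 ssh2 "
       "from 198.51.100.20 port 40003 ssh2"]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when})")
```

With the default 10-minute window the slow guesser at 192.0.2.50 is never flagged, which is why the source-address restriction in item 4 still matters alongside a threshold-based ban.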