[CentOS] Securing SSH

Fri Mar 28 18:46:17 UTC 2008
Morten Nilsen <morten at runsafe.no>

Rudi Ahlers wrote:
> Trey Sizemore wrote:
>> On Fri Mar 28, 2008 07:47PM, Rudi Ahlers wrote:
>>  
>>> Ray Leventhal wrote:
>>>    
>>>> James A. Peltier wrote:
>>>>      
>>>>> Rudi Ahlers wrote:
>>>>>        
>>>>>> Tim Alberts wrote:
>>>>>>          
>>>>>>> So I set up ssh on a server so I could do some work from home and 
>>>>>>> I think the second I opened it every sorry monkey from around the 
>>>>>>> world has been trying every account name imaginable to get into 
>>>>>>> the system.
>>>>>>>
>>>>>>> What's a good way to deal with this?
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> CentOS mailing list
>>>>>>> CentOS at centos.org
>>>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>>>
>>>>>>>             
>>>>>> 1. Change the default port
>>>>>> 2. use only SSH protocol 2
>>>>>> 3. Install some brute force protection which can automatically 
>>>>>> ban an IP on say 5 / 10 failed login attempts
>>>>>> 4. ONLY allow SSH access from your IP, if it's static. Or sign up 
>>>>>> for a DynDNS account, and then only allow SSH access from your 
>>>>>> DynDNS domain
>>>>>>
>>>>>>           
>>>>> Fail2Ban is a good brute force protector. It works in conjunction 
>>>>> with IPTables to block IPs that are "attacking" for a said 
>>>>> duration of time. :)
>>>>>
>>>>>
>>>>>         
>>>> I haven't used Fail2Ban, but I do like what I've been experiencing 
>>>> with apf[1] and sim[2]. The Reactive Address Blocking (RAB) 
>>>> feature in apf is a big timesaver, but I expect Fail2Ban has 
>>>> something similar. apf is basically an easier way (for me, anyway) of 
>>>> managing iptables. Manually banning an ip or block is as easy as 
>>>> adding it to the deny_hosts.rules file and restarting apf. RAB 
>>>> really helps, again imo.
>>>>
>>>>
>>>> HTH,
>>>> -Ray
>>>> [1] http://rfxnetworks.com/apf.php
>>>> [2] http://rfxnetworks.com/sim.php
>>>> _______________________________________________
>>>> CentOS mailing list
>>>> CentOS at centos.org
>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>
>>>>       
>>> Here's a quick howto for Suse10.3, but the principles stay the same.  
>>> Fail2Ban can be used for many other things as well, like FTP, MySQL,  
>>> SMTP, etc  :)
>>>
>>>     
>>
>> I don't see the how-to...
>>
>>   
> Sorry, here it is
> 
> http://howtoforge.net/fail2ban_opensuse10.3
> 

(leaving quoted text in place for illustrative purposes)

I would really appreciate it, as well as most others I believe, if 
everyone could begin trimming down their replies.

When I read the emails of this thread, I had to scroll down quite a bit 
to get to the text, which wastes a few seconds of my time and leaves me 
slightly annoyed.

This in and of itself is surely no big deal, but multiply that with the 
number of subscribers on this list, and we are truly getting somewhere.

So, please, in the future when replying to an email, delete all text 
that isn't directly related to your reply.

-- 
Thank you,
Morten
:wq
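
The quoted advice above (ban an IP after 5 / 10 failed logins, for a set duration) can be illustrated with the following added example, which is not part of the original thread and is not Fail2Ban's own code. It applies a threshold-within-a-window rule to constructed sshd log lines; the names `find_bans`, `max_retry`, `find_time` and `ban_time` and the log year are assumptions made for the sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of sshd auth log lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Mar 28 18:40:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar 28 18:40:03 host sshd[2103]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 28 18:40:05 host sshd[2105]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2
Mar 28 18:40:06 host sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Mar 28 18:40:08 host sshd[2109]: Failed password for invalid user oracle from 203.0.113.7 port 40140 ssh2
Mar 28 18:40:10 host sshd[2111]: Failed password for root from 198.51.100.20 port 33010 ssh2
Mar 28 18:40:11 host sshd[2113]: Failed password for invalid user guest from 203.0.113.7 port 40152 ssh2
Mar 28 19:05:00 host sshd[2190]: Failed password for root from 198.51.100.20 port 33054 ssh2
"""

# Timestamp and source address of a failed password attempt.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) ")

def find_bans(log_text, max_retry=5, find_time=600, ban_time=3600, year=2008):
    """Return {ip: (banned_at, unban_at)} for every IP that reaches
    max_retry failures within find_time seconds (hypothetical parameters)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans and ts < bans[ip][1]:
            continue              # still banned; do not count again
        window = recent[ip]
        window.append(ts)
        # Drop failures that have aged out of the sliding window.
        while (ts - window[0]).total_seconds() > find_time:
            window.popleft()
        if len(window) >= max_retry:
            bans[ip] = (ts, ts + timedelta(seconds=ban_time))
            window.clear()
    return bans
```

With the defaults, only the address that fails five times in ten seconds is banned; the address with two failures 25 minutes apart never fills the window.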