[CentOS] protecting multiuser systems from bruteforce ssh attacks
David G. Miller
dave at davenjudy.org
Fri Aug 21 20:03:17 UTC 2009
Eugene Vilensky <evilensky at ...> writes:
> What is the best way to protect multiuser systems from brute force
> attacks? I am setting up a relatively loose DenyHosts policy, but I
> like the idea of locking an account for a time if too many attempts
> are made, but to balance this with keeping the user from making a
> helpdesk call.
> What are some policies/techniques that have worked for this list with
> minimal hassle?
I found that moving sshd to listening on a non-standard port cut back
significantly on the number of brute force attacks I was getting. Obviously,
this doesn't do anything to really protect your system from a brute force
attack. Some of the other responses had some fairly good suggestions for
preventing brute force attacks.

I was seeing several such attacks each week and frequently more than one a day
until I moved my ssh port. What this mainly does is cut down on the number of
script-kiddie attacks. The problem is that the script-kiddie attacks cause so
much noise that they potentially hide someone attacking you who you really need
to be concerned about. If the port/service is open, you really want to be able
to monitor it, and cutting down on the noise helps.
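
Added example, not part of the original post: one way to separate dictionary-scan noise from repeated failures against real accounts when reviewing sshd's failed-login lines. The log lines are constructed samples in OpenSSH's format; the `triage` function, its labels and the `min_failures` threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format sshd writes to /var/log/secure on CentOS.
SAMPLE_LOG = """\
Aug 21 03:12:01 host sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40110 ssh2
Aug 21 03:12:03 host sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 40112 ssh2
Aug 21 03:12:05 host sshd[2105]: Failed password for invalid user oracle from 192.0.2.10 port 40114 ssh2
Aug 21 03:12:07 host sshd[2107]: Failed password for root from 192.0.2.10 port 40116 ssh2
Aug 21 09:30:11 host sshd[3301]: Failed password for jsmith from 198.51.100.7 port 51200 ssh2
Aug 21 09:30:19 host sshd[3303]: Failed password for jsmith from 198.51.100.7 port 51202 ssh2
Aug 21 09:30:27 host sshd[3305]: Failed password for jsmith from 198.51.100.7 port 51204 ssh2
Aug 21 10:02:44 host sshd[3410]: Failed password for dave from 203.0.113.5 port 40022 ssh2
Aug 21 10:02:51 host sshd[3412]: Accepted password for dave from 203.0.113.5 port 40022 ssh2
"""

# sshd marks accounts that do not exist on the host with "invalid user".
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+")

def triage(log_text, min_failures=3):
    """Group failed logins by source address and label each source."""
    stats = defaultdict(lambda: {"failures": 0, "valid": set(), "invalid": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        invalid, user, src = m.groups()
        entry = stats[src]
        entry["failures"] += 1
        entry["invalid" if invalid else "valid"].add(user)
    result = {}
    for src, entry in stats.items():
        if entry["failures"] < min_failures:
            label = "ignore"    # below threshold, e.g. a user mistyping a password
        elif entry["invalid"]:
            label = "noise"     # guessing account names that do not exist here
        else:
            label = "targeted"  # repeated failures against real accounts only
        result[src] = (label, entry["failures"], sorted(entry["valid"] | entry["invalid"]))
    return result

if __name__ == "__main__":
    for src, (label, count, users) in sorted(triage(SAMPLE_LOG).items()):
        print(f"{src:15} {label:9} failures={count} users={','.join(users)}")
```
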