[CentOS] protecting multiuser systems from bruteforce ssh attacks

Fri Aug 21 20:03:17 UTC 2009
David G. Miller <dave at davenjudy.org>

Eugene Vilensky <evilensky at ...> writes:

> 
> Hello,
> 
> What is the best way to protect multiuser systems from brute force
> attacks?  I am setting up a relatively loose DenyHosts policy, but I
> like the idea of locking an account for a time if too many attempts
> are made, but to balance this with keeping the user from making a
> helpdesk call.
> 
> What are some policies/techniques that have worked for this list with
> minimal hassle?
> 
> Thanks!
> 
> -Eugene
> 

I found that moving sshd to listening on a non-standard port cut back
significantly on the number of brute force attacks I was getting.  Obviously,
this doesn't do anything to really protect your system from a brute force
attack.  Some of the other responses had some fairly good suggestions for
preventing brute force attacks.

I was seeing several such attacks each week and frequently more than one a day
until I moved my ssh port.  What this mainly does is cut down on the number of
script-kiddie attacks.  The problem is that the script-kiddie attacks cause so
much noise that they potentially hide someone attacking you who you really need
to be concerned about.  If the port/service is open, you really want to be able
to monitor it and cutting down on the noise helps.

Cheers,
Dave
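
An added example, not part of the original post: one way to separate the dictionary-scan noise described above from quieter guessing against real accounts when reading sshd's "Failed password" log lines. The log lines, addresses, user names, the real_users set and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# OpenSSH sshd log message for a failed password attempt.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample log lines (documentation address ranges, made-up users).
SAMPLE_LOG = """\
Aug 21 03:10:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40211 ssh2
Aug 21 03:10:03 host sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40215 ssh2
Aug 21 03:10:05 host sshd[2105]: Failed password for root from 203.0.113.7 port 40219 ssh2
Aug 21 03:10:07 host sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 40223 ssh2
Aug 21 09:42:18 host sshd[3320]: Failed password for alice from 198.51.100.23 port 51812 ssh2
Aug 21 11:15:40 host sshd[3391]: Failed password for alice from 198.51.100.23 port 51990 ssh2
Aug 21 12:01:09 host sshd[3402]: Accepted password for bob from 192.0.2.10 port 50122 ssh2
""".splitlines()

def triage(lines, real_users, noise_threshold=3):
    """Split failing sources into dictionary-scan noise and targeted guessing.

    real_users: accounts that belong to actual people (assumed known).
    A source that tries noise_threshold or more names outside that set is
    noise; a source that only ever tries real accounts is targeted.
    Sources in between are left unclassified.
    """
    users_by_src = defaultdict(set)
    spray_by_src = defaultdict(int)
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        users_by_src[m["src"]].add(m["user"])
        if m["invalid"] or m["user"] not in real_users:
            spray_by_src[m["src"]] += 1
    noise, targeted = {}, {}
    for src, users in users_by_src.items():
        if spray_by_src[src] >= noise_threshold:
            noise[src] = sorted(users)
        elif spray_by_src[src] == 0:
            targeted[src] = sorted(users)
    return noise, targeted

if __name__ == "__main__":
    noise, targeted = triage(SAMPLE_LOG, {"alice", "bob"})
    print("noise:", noise)
    print("targeted:", targeted)
```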