[CentOS] SSH attacks from china

Fri Jul 24 16:07:29 UTC 2009
Miguel Medalha <miguelmedalha at sapo.pt>

>> Using a non default port is not the solution, because history has learned 
>> that security by obscurity never worked.....
>>     
>
> It's not "security by obscurity", moving the default port is just to not
> see all that garbage in the log files - as the automated scripts don't
> check for ssh on different ports than 22. 
>   

People get those fixed ideas and it is difficult to get rid of them. Of 
course you should not rely ONLY on obscurity to secure your server. But 
using a non-standard port effectively defeats *the vast majority* of 
attacks, which never try other than the standard port. I went from 
thousands of entries in the logs to NONE.

> And save cpu cycles by not having to answer to those requests.
>
>   
YES!
>> 1: Use iptables or another firewall in front of the server, to only allow a 
>> selected group of "trusted" IPs to access the server through SSH.
>>     
>
> Well, that is not always possible or wanted.
>
>   

Of course! In my case it is not even possible.

>> 2: Enforce Public / Private key Authentication, so that only the users with 
>> a valid key can access the server.
>>     
>
> And yes, you shouldn't be using ssh with password authentication, true.
>
>   

Yes! Use only authentication with an encrypted key, e.g. a 
public/private key pair.
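
The three measures discussed in this thread (non-default port, a source-IP allowlist in iptables, key-only authentication) as an added shell example; this is not code from the thread or from CentOS. It works on a copy of sshd_config and only prints the firewall rules, so it touches neither /etc/ssh nor the live iptables chains. The port 2222 and the addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Assumptions: sshd_config
# syntax as in OpenSSH (first occurrence of a keyword wins), port 2222 and the
# 192.0.2.x addresses are placeholders chosen for the example.

# Rewrite a copy of sshd_config so that sshd listens on a non-default port and
# accepts public keys only. Because sshd uses the FIRST value it sees for a
# keyword, every earlier Port/PasswordAuthentication/PubkeyAuthentication line
# (commented or not) is removed before the hardened values are appended;
# otherwise an early "PasswordAuthentication yes" would silently win.
harden_sshd_config() {
    in="$1"; out="$2"; port="${3:-2222}"
    grep -Ev '^[[:space:]]*#?[[:space:]]*(Port|PasswordAuthentication|PubkeyAuthentication)[[:space:]]' "$in" > "$out"
    {
        echo "Port $port"
        echo "PasswordAuthentication no"
        echo "PubkeyAuthentication yes"
    } >> "$out"
}

# Effective value of a keyword, honouring sshd's first-match rule; use this to
# verify the result rather than eyeballing the file.
sshd_effective() {
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# Print iptables rules that let only the listed source addresses reach the SSH
# port and drop everyone else (item 1 in the thread). Printing instead of
# applying keeps the example side-effect free; pipe into sh on a real host.
ssh_allowlist_rules() {
    port="$1"; shift
    for ip in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -s $ip -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Usage (constructed input, nothing system-wide is modified):
#   harden_sshd_config /etc/ssh/sshd_config ./sshd_config.new 2222
#   sshd_effective PasswordAuthentication ./sshd_config.new   # prints: no
#   ssh_allowlist_rules 2222 192.0.2.10 192.0.2.11
```

Before swapping the generated file into place, run `sshd -t -f ./sshd_config.new` to let sshd parse it, and keep the existing session open while testing a fresh login on the new port, so a mistake in the port or key setup does not lock you out.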