[CentOS] sshd: Authentication Failures: 137 Time(s)

Tue Apr 5 04:42:56 UTC 2011
rrichard at blythe.org <rrichard at blythe.org>

> Hi,
> to prevent scripted dictionary attacks to
> I applied those iptables rules:
> -A
INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent
--update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set
> --name SSH --rsource

What I have done to totally thwart
script-kiddy attacks against SSH is to 

1) Move sshd to another
port, one higher than 5000
2) configure SSH for RSA-KEY
authentication ONLY IE no PAM auth
3) Set up Fail2Ban to auto
ip-table block ANY offending IPs after 5 tries.

Script kiddies
assume ssh is on port 22, and mosr posr scans don't go as high as 5000.

Since I implement this strategy a month ago, I have seen ZERO
attempts against SSH

> CentOS mailing
> CentOS at centos.org