ssh security
Scot L. Harris
webid at cfl.rr.com
Mon Dec 26 16:32:32 UTC 2005
On Mon, 2005-12-26 at 02:04, Tim wrote:
> On Sun, 2005-12-25 at 21:24 -0800, Gerald wrote:
> > It looks like i'm getting a dictionary attack on my system. I moved
> > ssh to another port instead of 22 in hopes that would put a halt to it
> > but it did not. Any recommendations to improve security here?
>
> Since you ask for "any" recommendations...
>
> If you don't need remote SSH access, configure the server not to listen
> to the outside world. Other options might be to limit what addresses
> it'll accept connections from, or which accounts can be remotely logged
> into.
>
> Even longer passwords than you care for, to make it harder to brute
> force crack.
Good suggestions as well as the one to use keys if you need ssh access.
Since someone took the time to scan for and find your ssh port then they
are targeting you specifically. If you can, identify the IP they are
coming from and put them in your iptables list to block all access from
that IP. If they are moving to different IP addresses check into things
like portsentry or the other one (ipdeny?) that will examine log files
for hack attempts and dynamically add those IP addresses to your
iptables deny list.
More information about the fedora-list
mailing list