I love IP Tables....
jdow
jdow at earthlink.net
Sun May 27 05:40:51 UTC 2007
From: "Tom Rivers" <tom at impact-crater.com>
> On Sat, 2007-05-26 at 09:17 -0400, Michael Klinosky wrote:
>> Even tho /some/ of the technical stuff eludes me, I've tried to follow
>> this thread.
>>
>> I set up ssh for myself (I own the machines); I haven't yet actually
>> made a connection (probably will this weekend).
>>
>> I'd like to know what threats exits for ssh - are there webpages that
>> discuss this? I *thought* that using an arbitrary port and putting
>> 'AllowUsers ...' into sshd_config would handle these things (along with
>> a password other than 'abcd' :) ).
>>
>
> The best thing I've found to protect against brute-force SSH attacks is
> something called fail2ban:
>
> http://www.fail2ban.org/wiki/index.php/Main_Page
>
> It watches your log files for failed attempts to gain access through
> services like SSH, VSFTPD, and Apache. If it sniffs trouble, it issues
> an IPTables command to ban the offending IP. The configuration files
> allow you to set the threshold for action as well as the punishment to
> dish out. It will even email you to let you know what has happened.
>
> You can find it in RPM form for RHEL and Fedora. I highly recommend it
> because it's simple and effective.
If the bans do not time out in a timely fashion you've potentially locked
yourself out of your machine.
{^_^}
More information about the fedora-list
mailing list