I love IP Tables....

Tom Rivers tom at impact-crater.com
Sat May 26 18:13:43 UTC 2007


On Sat, 2007-05-26 at 09:17 -0400, Michael Klinosky wrote:
> Even tho /some/ of the technical stuff eludes me, I've tried to follow 
> this thread.
> 
> I set up ssh for myself (I own the machines); I haven't yet actually 
> made a connection (probably will this weekend).
> 
> I'd like to know what threats exist for ssh - are there webpages that 
> discuss this? I *thought* that using an arbitrary port and putting 
> 'AllowUsers ...' into sshd_config would handle these things (along with 
> a password other than 'abcd' :)   ).
> 

The best thing I've found to protect against brute-force SSH attacks is
something called fail2ban:

http://www.fail2ban.org/wiki/index.php/Main_Page

It watches your log files for failed attempts to gain access through
services like SSH, VSFTPD, and Apache.  If it sniffs trouble, it issues
an IPTables command to ban the offending IP.  The configuration files
allow you to set the threshold for action as well as the punishment to
dish out.  It will even email you to let you know what has happened.

You can find it in RPM form for RHEL and Fedora.  I highly recommend it
because it's simple and effective.


Tom
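
The log-watching and threshold behaviour described in the message above, as an added example that is not part of the original post and is not fail2ban's own code. The names `max_retry` and `find_time`, the sample log lines and the simplified iptables rule are assumptions made for illustration; the rule is built as an argument list and never executed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines using documentation address ranges; not real traffic.
SAMPLE_LOG = """\
May 26 18:00:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
May 26 18:00:04 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
May 26 18:00:05 host sshd[2107]: Failed password for alice from 192.0.2.50 port 51514 ssh2
May 26 18:00:09 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
May 26 18:02:30 host sshd[2110]: Failed password for bob from 198.51.100.23 port 33870 ssh2
May 26 18:02:41 host sshd[2110]: Accepted password for bob from 198.51.100.23 port 33870 ssh2
May 26 18:20:05 host sshd[2140]: Failed password for alice from 192.0.2.50 port 51620 ssh2
May 26 18:40:05 host sshd[2188]: Failed password for alice from 192.0.2.50 port 51733 ssh2
"""

# Anchored at both ends. The greedy user-name match means the captured address
# is the last "from <addr> port <n> ssh2" on the line, the part sshd writes itself.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$")

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10), year=2007):
    """Addresses with max_retry failures inside find_time, in ban order (syslog omits the year)."""
    recent = defaultdict(deque)   # address -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue              # only a validated address may reach the firewall
        window = recent[ip]
        window.append(when)
        while when - window[0] > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry and ip not in banned:
            banned.append(ip)
    return banned

def ban_command(ip, port=22):
    """Build (not run) a simplified iptables rule dropping ip on the SSH port."""
    return ["iptables", "-I", "INPUT", "-s", ip,
            "-p", "tcp", "--dport", str(port), "-j", "DROP"]
```

With the defaults, only the address that fails three times within ten minutes is selected; the user who mistypes once before logging in, and the address whose failures are twenty minutes apart, are left alone.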



