[olug] Help w/ my server
topher-olug at zyp.org
Mon Jul 23 21:56:37 UTC 2012
On Mon, Jul 23, 2012 at 4:51 PM, Lou Duchez <lou at paprikash.com> wrote:
>> I would also change the default ssh port. Yes it is security by
>> obscurity, but it does block virtually all the bots from guessing your
>> password(if you have it enabled). I have disabled root ssh logins; if
>> root tries to log in, they will get an "auth failed" msg even if they
>> have put in the correct pw. You might also consider disabling remote
>> ssh password logins.
> I run Fail2Ban on my various servers, and I think all but one of them are
> running SSH on non-default ports. Coincidentally enough, the only server
> where I ever -- EVER -- get SSH hacker alerts is the one where SSH is
> running on the default port.
fail2ban is a great program for a lot of things, but there are better
ways to secure SSH on Linux.
In your IPTables config, use the following line as your "allow ssh" line:
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m limit
--limit 1/min --limit-burst 4 -j ACCEPT
Now you have built-in protection against brute-force attacks at the
kernel-level, without relying on an external program, or recognizing
the failed logins later via log watching.
More information about the OLUG