How to improve ssh security?
I used to have my system's access tightly controlled by source IP or domain using hosts.allow and hosts.deny. Now I have users who are coming from a variety of locations so this is not so practical. I have opened up logins to any source and I now have people trying to break in at regular intervals. Is there some way I can block an IP address after it has had a number of failed login attempts? Any other suggestions on securing ssh logins further appreciated. Thanks
Try fail2ban
I'm not really able to advise you on ssh security in general, although it's a good idea to make sure root can't log in remotely (check the sshd_config manpage -- it has plenty of good ideas!)
There are a few tools you could use to restrict attempts at brute force attacks -- I use fail2ban, which is available in Debian. I don't know if it's considered good or not, but it does the job for me.
--
A tidy house is the sign of a stolen computer.
How to improve ssh security?
You can use the iptables firewall to restrict access to port 22.
Also, you can use this parameter in sshd_config:
MaxStartups
Specifies the maximum number of concurrent unauthenticated connections
to the sshd daemon. Additional connections will be dropped until
authentication succeeds or the LoginGraceTime expires for a connection.
The default is 10.
Alternatively, random early drop can be enabled by specifying the
three colon separated values ``start:rate:full'' (e.g., "10:30:60").
sshd will refuse connection attempts with a probability of ``rate/100''
(30%) if there are currently ``start'' (10) unauthenticated connections.
The probability increases linearly and all connection attempts are
refused if the number of unauthenticated connections reaches ``full'' (60).
It's your solution :)
Good luck
Janet Kellman, software reviews
How to improve ssh security?
I know this is a late response but...
Just use a Perl bot to monitor your secure logs.
It can watch every minute and add a user to hosts.deny if the user fails a certain number of times in a row.
Like 3. You can give it a range of IPs to ignore if they produce errors, like your own IP, so you can always get in and remove IPs listed in hosts.deny if needed.
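
The log-watching approach from the last reply, written in Python rather than Perl as an added example (not code from anyone in this thread): it counts failed password logins in a row per source address, skips an allow-listed range, and produces hosts.deny lines. The function names, the sample log lines and the 192.0.2.0/24 allow-list are assumptions, and it presumes sshd logs in the usual OpenSSH syslog format and is built to honour hosts.deny.

```python
import ipaddress
import re
from collections import defaultdict

# Anchored at end of line so the address comes from the part sshd writes,
# not from whatever text a client supplied as the username.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+) port \d+")

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:04 host sshd[1203]: Failed password for root from 203.0.113.7 port 40113 ssh2
Mar  3 10:00:05 host sshd[1204]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 10:00:07 host sshd[1205]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar  3 10:00:09 host sshd[1206]: Failed password for alice from 198.51.100.20 port 51001 ssh2
Mar  3 10:00:12 host sshd[1207]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Mar  3 10:00:15 host sshd[1208]: Failed password for alice from 198.51.100.20 port 51003 ssh2
Mar  3 10:00:20 host sshd[1209]: Failed password for bob from 192.0.2.10 port 52000 ssh2
Mar  3 10:00:21 host sshd[1210]: Failed password for bob from 192.0.2.10 port 52001 ssh2
Mar  3 10:00:22 host sshd[1211]: Failed password for bob from 192.0.2.10 port 52002 ssh2
""".splitlines()

def ips_to_deny(log_lines, threshold=3, ignore=()):
    """Return source IPs with `threshold` failed logins in a row, in detection order."""
    ignored = [ipaddress.ip_network(n) for n in ignore]
    streak = defaultdict(int)
    denied = []
    for line in log_lines:
        bad = FAILED.search(line)
        if not bad:
            ok = ACCEPTED.search(line)
            if ok:
                streak[ok.group(1)] = 0  # a successful login ends the streak
            continue
        try:
            addr = ipaddress.ip_address(bad.group(1))
        except ValueError:
            continue  # source logged as something other than an IP literal
        if any(addr in net for net in ignored):
            continue  # never lock out allow-listed ranges
        streak[str(addr)] += 1
        if streak[str(addr)] >= threshold and str(addr) not in denied:
            denied.append(str(addr))
    return denied

def hosts_deny_entries(ips):
    return [f"sshd: [{ip}]" if ":" in ip else f"sshd: {ip}" for ip in ips]  # IPv6 needs brackets
```

Calling `hosts_deny_entries(ips_to_deny(SAMPLE_LOG, ignore=["192.0.2.0/24"]))` on the sample yields a single entry for 203.0.113.7: the 198.51.100.20 streak is broken by a successful login, and 192.0.2.10 is allow-listed.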