
A way to solve SSH attacks problem 1

Status
Not open for further replies.

QatQat

IS-IT--Management
Nov 16, 2001
Hi everyone,

several posts have come up on this forum, including one of mine


concerning SSH attacks.

Another one with several (good) solutions


Browsing the internet on a lazy Saturday morning I found a very interesting one.


I hope you will find it useful and if so, don't forget to thank whoever is the author.

Cheers

QatQat



Life is what happens when you are making other plans.
 
Another good one to look for is denyhosts, a simple daemon that runs and keeps an eye on logins and then blocks the IP of someone who fails to log in 3 or so times, depending on what you set it to. This has never steered me wrong.
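As an added example (not code from the thread and not denyhosts itself), here is the detection half of what the post above describes, in POSIX shell: count "Failed password" lines per source address from sshd's syslog output and report every address at or above a threshold. The log lines are constructed for the example and use RFC 5737 documentation addresses; the syslog line format is the standard OpenSSH one.

```shell
#!/bin/sh
# Minimal denyhosts-style check (added example, not part of the thread).
# Reads OpenSSH auth log lines on stdin, counts "Failed password" entries per
# source IP, and prints "IP COUNT" for every IP at or above the threshold.
# Assumed line format (standard syslog output from sshd):
#   "Nov 16 03:21:07 host sshd[1234]: Failed password for root from 203.0.113.5 port 41234 ssh2"

# Usage: repeated_failures THRESHOLD < authlog
repeated_failures() {
    awk -v limit="$1" '
        /sshd\[[0-9]+\]: Failed password for/ {
            # the source address is the word after "from"; this also covers
            # "Failed password for invalid user NAME from ..." lines
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
            count[ip]++
        }
        END {
            for (ip in count) if (count[ip] >= limit) print ip, count[ip]
        }' | sort
}

# Constructed sample log: two addresses hammering root, one legitimate user
# who mistyped once and then logged in with a key.
SAMPLE_LOG='Nov 16 03:21:07 host sshd[1234]: Failed password for root from 203.0.113.5 port 41234 ssh2
Nov 16 03:21:09 host sshd[1234]: Failed password for root from 203.0.113.5 port 41235 ssh2
Nov 16 03:21:11 host sshd[1235]: Failed password for invalid user admin from 203.0.113.5 port 41236 ssh2
Nov 16 03:22:00 host sshd[1240]: Failed password for alice from 198.51.100.7 port 50000 ssh2
Nov 16 03:22:30 host sshd[1241]: Accepted publickey for alice from 198.51.100.7 port 50001 ssh2
Nov 16 03:23:00 host sshd[1250]: Failed password for root from 192.0.2.9 port 60000 ssh2
Nov 16 03:23:01 host sshd[1251]: Failed password for root from 192.0.2.9 port 60001 ssh2
Nov 16 03:23:02 host sshd[1252]: Failed password for root from 192.0.2.9 port 60002 ssh2
Nov 16 03:23:03 host sshd[1253]: Failed password for root from 192.0.2.9 port 60003 ssh2'

# With a threshold of 3 only 192.0.2.9 (4 failures) and 203.0.113.5 (3) are listed;
# alice's single typo does not trip it.
printf '%s\n' "$SAMPLE_LOG" | repeated_failures 3
```

The threshold is what keeps a user with one fat-fingered password off the list, which is the "3 or so times" knob the post mentions. A real daemon would then feed the reported addresses into /etc/hosts.deny (what denyhosts does) or a firewall rule, and would need to expire old entries so the list does not grow without bound, which is the concern raised about the script approach later in this thread.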
 
As changlinn says, use a script to block users. I notice in the article that the author says this will create a big list of blocked IPs.

Also change the SSH port to something obscure as well - this will stop bots which cause most of the log entries - if not all.

If you want to do it properly though, the box should be firewalled and only allow traffic through a VPN really.

I wish someone would just call me Sir, without adding 'Your making a scene'.

Rob
 
You don't really need a VPN for SSH; it is secure enough, as long as you have a long enough, complex enough password and disable the root login. Or you can do key-based authentication: it is not likely that someone is going to generate the same 2048-bit SSH key for logging in to your SSH server, or guess your 10-character username and 20+ character ASCII password.
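As an added example (not from the thread or from OpenSSH), a small POSIX shell audit of the sshd_config settings this post and the earlier "change the port" suggestion rely on: root login disabled, password authentication off in favour of keys, and the listener moved off port 22. The keyword names are the real OpenSSH ones; the two configuration texts are constructed samples, and lines written as "Keyword=value" are not handled.

```shell
#!/bin/sh
# Audit an sshd_config for the hardening discussed in the thread
# (added example, not part of the thread).

# sshd_setting KEYWORD   (config text on stdin) -> effective value, or nothing if unset.
# OpenSSH uses the FIRST occurrence of a keyword, so we stop at the first match.
# Assumes "Keyword value" lines; "Keyword=value" is not parsed.
sshd_setting() {
    awk -v key="$1" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == tolower(key) { print $2; exit }
    '
}

# audit_sshd_config CONFIG_TEXT -> one finding per line; no output means no findings.
# An absent keyword falls back to the OpenSSH default, which differs between
# versions, so "unset" is reported rather than assumed safe.
audit_sshd_config() {
    cfg="$1"
    root=$(printf '%s\n' "$cfg" | sshd_setting PermitRootLogin)
    pw=$(printf '%s\n' "$cfg" | sshd_setting PasswordAuthentication)
    port=$(printf '%s\n' "$cfg" | sshd_setting Port)

    [ "$root" = "no" ] || echo "PermitRootLogin is '${root:-unset}', expected 'no'"
    [ "$pw" = "no" ]   || echo "PasswordAuthentication is '${pw:-unset}', expected 'no' (use keys)"
    case "$port" in
        ""|22) echo "Port is '${port:-unset}', still the default that the bots scan" ;;
    esac
}

# Constructed sample: a stock-looking configuration
WEAK_CFG='# constructed sample, not a real host
Port 22
PermitRootLogin yes
PasswordAuthentication yes'

# Constructed sample: the settings recommended in the thread. The duplicated
# PasswordAuthentication line at the end is ignored by OpenSSH (first value wins).
HARDENED_CFG='# constructed sample, not a real host
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes'

echo "--- weak ---";     audit_sshd_config "$WEAK_CFG"
echo "--- hardened ---"; audit_sshd_config "$HARDENED_CFG"
```

Point it at a real file with `audit_sshd_config "$(cat /etc/ssh/sshd_config)"`. The first-occurrence rule is the part people get wrong when appending hardening lines to the bottom of an existing file: a `PasswordAuthentication yes` higher up silently wins, which is why the hardened sample deliberately carries a late duplicate.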
 
Certainly not, however when running internet-facing servers it can be wise to firewall everything with a separate hardware firewall and only allow access to specific services (i.e. 80 & 443) unless you're on VPN.

Admittedly it's OTT for most things but I've been in several scenarios where it's essential.

I wish someone would just call me Sir, without adding 'Your making a scene'.

Rob
 