On Tuesday 07 November 2006 20:04, Brian Davis wrote:
> In addition to fail2ban, look at deny2hosts and sshdfilter.
>
> fire-eyes wrote:
> > James Colby wrote:
> >> List members -
[snip]
> >> My Gentoo box is connected to a linksys router connected to my cable
> >> modem, the linksys is doing port forwarding to my gentoo box. Also, I
> >> would like to avoid limiting which IP addresses can log into my SSH
> >> server

> > What you're seeing is a common, automated dictionary style attack. There
> > are several ways to get rid of them.
[snip]
> > The next less-simple way is to change the port sshd listens on. The
> > scripts assume the default of 22.

I use this as it is trivial to edit the sshd port number in /etc/ssh/sshd_config
and /etc/ssh/ssh_config on the client. However, you need to change the ssh
client port back to 22 (or specify it on the command line) next time you
connect to a production server.

> > The best way is to change the port sshd listens on, and also move to key
> > based authentication, and disable password based authentication. In this
> > way, even if they got the port, got a real user name, and had the right
> > password, it would not matter -- They haven't got the key.

I also use this option. Dictionary attacks are totally ineffective as no user
login passwords are accepted - full stop. Only to add to the above that even
if they have the private key, they will still need the secret passphrase to
be able to use it.

You may also want to look in the wiki for port-knocking.
--
Regards,
Mick
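The two changes Mick describes (a non-default sshd port and password logins switched off in favour of keys) are easy to get half-right, so here is an added example, not part of the thread, that audits an sshd_config for exactly those settings and shows the per-host client config that avoids the "forgot to set the port back for production" problem. The sample config files, their names, and the host name homebox.example.net are all constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original thread. Audits an sshd_config for the
# settings the thread recommends (non-default Port, PasswordAuthentication no,
# PubkeyAuthentication yes) and writes a client ssh_config that keeps production
# hosts on port 22. All config files below are constructed for the demo.

# sshd_setting FILE KEYWORD DEFAULT
# Print the value sshd would use for KEYWORD: the first uncommented occurrence
# in the global section. Keywords are case-insensitive; scanning stops at the
# first Match block, and the rarer "Keyword=value" form is not handled.
sshd_setting() {
    awk -v k="$2" -v d="$3" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
        END { if (!found) print tolower(d) }
    ' "$1"
}

# check_sshd_config FILE
# Report each setting; return 0 only when all recommended values are present.
check_sshd_config() {
    f="$1"; rc=0
    port=$(sshd_setting "$f" Port 22)
    pw=$(sshd_setting "$f" PasswordAuthentication yes)
    pk=$(sshd_setting "$f" PubkeyAuthentication yes)
    if [ "$port" = "22" ]; then
        echo "Port: 22 (default; the scripts in the thread assume this)"; rc=1
    else
        echo "Port: $port"
    fi
    if [ "$pw" != "no" ]; then
        echo "PasswordAuthentication: $pw (dictionary attacks still possible)"; rc=1
    else
        echo "PasswordAuthentication: no"
    fi
    if [ "$pk" != "yes" ]; then
        echo "PubkeyAuthentication: $pk (key logins would be refused)"; rc=1
    else
        echo "PubkeyAuthentication: yes"
    fi
    return $rc
}

# write_demo_configs DIR
# Constructed sample files: a weak server config, a hardened one, and the
# client-side per-host config.
write_demo_configs() {
    cat > "$1/sshd_config.weak" <<'EOF'
# Typical distribution defaults: port 22, passwords accepted
#Port 22
PasswordAuthentication yes
EOF
    cat > "$1/sshd_config.hardened" <<'EOF'
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
EOF
    # Client side (~/.ssh/config): a Host entry per machine means the global
    # port never changes, so production servers still get 22 automatically.
    cat > "$1/ssh_config.client" <<'EOF'
Host homebox
    HostName homebox.example.net
    Port 2222
Host *
    Port 22
EOF
}

dir=$(mktemp -d)
write_demo_configs "$dir"
for f in "$dir/sshd_config.weak" "$dir/sshd_config.hardened"; do
    echo "== $f"
    if check_sshd_config "$f"; then echo "result: OK"; else echo "result: needs attention"; fi
done
rm -rf "$dir"
```

Run it with `sh audit_sshd.sh`; to audit a real server, call `check_sshd_config /etc/ssh/sshd_config` instead of the constructed files. The parser deliberately stops at the first `Match` line because sshd applies the first global occurrence of a keyword and Match blocks only add scoped overrides, so a check that read past them could report a value that never applies to ordinary logins.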