| 1 |
On Tuesday 07 November 2006 20:04, Brian Davis wrote: |
| 2 |
> In addition to fail2ban, look at deny2hosts and sshdfilter. |
| 3 |
> |
| 4 |
> fire-eyes wrote: |
| 5 |
> > James Colby wrote: |
| 6 |
> >> List members - |
| 7 |
[snip] |
| 8 |
> >> My Gentoo box is connected to a linksys router connected to my cable |
| 9 |
> >> modem, the linksys is doing port forwarding to my gentoo box. Also, I |
| 10 |
> >> would like to avoid limiting which IP addresses can log into my SSH |
| 11 |
> >> server |
| 12 |
|
| 13 |
> > What you're seeing is a common, automated dictionary style attack. There |
| 14 |
> > are several ways to get rid of them. |
| 15 |
[snip] |
| 16 |
> > The next less-simple way is to change the port sshd listens on. The |
| 17 |
> > scripts assume the default of 22. |
| 18 |
|
| 19 |
I use this as it is trivial to edit the sshd port No on /etc/ssh/sshd_config |
| 20 |
and /etc/ssh/ssh_config on the client. However, you need to change the ssh |
| 21 |
client port back to 22 (or specify it on the command line) next time you |
| 22 |
connect to a production server. |
| 23 |
|
| 24 |
> > The best way is to change the port sshd listens on, and also move to key |
| 25 |
> > based authentication, and disable password based authentication. In this |
| 26 |
> > way, even if they got the port, got a real user name, and had the right |
| 27 |
> > password, it would not matter -- They haven't got the key. |
| 28 |
|
| 29 |
I also use this option. Dictionary attacks are totally ineffective as no user |
| 30 |
login passwds are accepted - full stop. Only to add to the above that even |
| 31 |
if they have the private key, they will still need the secret passphrase to |
| 32 |
be able to use it. |
| 33 |
|
| 34 |
You may also want to look in the wiki for port-knocking. |
| 35 |
-- |
| 36 |
Regards, |
| 37 |
Mick |
Archives