
Re: SSH Blocking



--- Alvin Oga <aoga@mail.Linux-Consulting.com> wrote:
> 
> On Mon, 25 Apr 2005, Nick Miller wrote:
> 
> >   I maintain a couple of exim mail servers on the Internet and I have
> > noticed that a lot of people will try to gain access to these machines
> > by trying multiple SSH logins with all sorts of names. I am wondering if
> > there is an option in SSHD to block an IP after a certain amount of
> > failed login attempts as any user?
> 
> - you should be disallowing ALL ssh connections to begin with
> 	and disallow remote ssh login as root
> 
> - you should only allow ssh login from ip# that you know about
> 
> - use /etc/hosts.deny to deny everything
> 	ALL:ALL
> 
> - use /etc/hosts.allow to allow incoming ssh from ip# you trust
> 	sshd:  192.168.1.1  w.x.y.z
> 
> - even you, knowing your login and passwd, will not be able to
>   log into the system if you turn on tcpwrappers for ssh
> 
> c ya
> alvin
> 
I think this is a very good approach to get secure ssh
connections, but in my case I add the following to this
approach:

1. I change the port on which ssh listens.
2. I configure a honeypot to listen on port 22, so even
if the attacker maps your ports he still thinks that the
service is listening on port 22.
3. I use iptables to block whatever seems strange in
a connection to that port.
4. Finally, I allow just the users that need to use the
service and deny everyone else.


I hope this helps.

Regards

-- 
Sergio Basurto J.

If I have seen further it is by standing on the 
shoulders of giants. (Isaac Newton)
--
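
An added example, not part of the original messages: one way to find the addresses behind the repeated failed logins asked about above is to count OpenSSH "Failed password" lines per source IP and format the offenders as tcpwrappers entries. The log lines, the host name "mail", the threshold of 3 and the function names are constructed for illustration; 192.168.1.1 is the trusted address from the hosts.allow line quoted above.

```python
import re
from collections import Counter

# OpenSSH failed-password line. The match is anchored at end of line and the
# user field is greedy, so "from <ip> port <n>" text placed inside a login
# name cannot be mistaken for the real source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d*)?\s*$"
)

def failed_by_ip(lines):
    """Count failed password attempts per source IP, for any user name."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts

def offenders(lines, threshold=3, trusted=()):
    """IPs at or over the threshold, never including trusted addresses."""
    counts = failed_by_ip(lines)
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in trusted)

def hosts_deny_entries(ips):
    """Format offenders as tcpwrappers lines for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]

# Constructed sample log (documentation addresses, hypothetical host "mail").
SAMPLE_LOG = """\
Apr 25 10:01:02 mail sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Apr 25 10:01:04 mail sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40002 ssh2
Apr 25 10:01:07 mail sshd[2105]: Failed password for root from 203.0.113.5 port 40003 ssh2
Apr 25 10:02:00 mail sshd[2110]: Failed password for nick from 192.168.1.1 port 50000 ssh2
Apr 25 10:02:05 mail sshd[2111]: Failed password for nick from 192.168.1.1 port 50001 ssh2
Apr 25 10:02:09 mail sshd[2112]: Failed password for nick from 192.168.1.1 port 50002 ssh2
Apr 25 10:03:00 mail sshd[2120]: Accepted password for nick from 192.168.1.1 port 50003 ssh2
Apr 25 10:04:00 mail sshd[2130]: Failed password for invalid user x from 192.168.1.1 port 22 ssh2 from 198.51.100.9 port 41000 ssh2
""".splitlines()

if __name__ == "__main__":
    for entry in hosts_deny_entries(offenders(SAMPLE_LOG, 3, {"192.168.1.1"})):
        print(entry)
```

Passing the trusted set keeps a mistyped password from a known address from locking out the administrator.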
