[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: illegal access using ssh

Amish Rughoonundon wrote:
> Hi,
> I was looking at my auth.log file and I saw a bunch of these things:
> Nov 28 16:22:41 localhost sshd[11363]: Illegal user nobody from
> I was wondering if there is a way to filter the ip allowed to access the
> computer and allow only 1 ip (mine) to do so. Thanks a lot,
> Amish

To deal with such kind of attacks, I have:

1. Using iptables, limited the number of ssh login attemts' rate to 5
per minute (it is my home machine and I do not have many users, so this
rate limitation does not affect me in any negative way).

2. Made sure users have strong passwords.

3. Limited who can log in via ssh by specifying the authorized uses in
sshd_config using a line similar to this:
AllowUsers tom dick harry

and restarting sshd. This line disallows all users other than Tom, Dick
and Harry.

So, even if you do not something like 1 above, the rest of the points
will keep you safe. Earlier I used to allow only certain IPs(my school
IPs) via iptables, but then I realized its limitation when I wanted to
login from my relatives computer in another city.

So, these steps in conjunction with the other suggestions you have in
other posts will make quite nice layers of security for this situation.


Reply to: