Re: illegal access using ssh
On (01/12/05 14:02), H.S. wrote:
> Amish Rughoonundon wrote:
> > Hi,
> > I was looking at my auth.log file and I saw a bunch of these things:
> > Nov 28 16:22:41 localhost sshd: Illegal user nobody from 184.108.40.206
> > I was wondering if there is a way to filter the ip allowed to access the
> > computer and allow only 1 ip (mine) to do so. Thanks a lot,
> > Amish
> To deal with such kind of attacks, I have:
> 1. Using iptables, limited the number of ssh login attemts' rate to 5
> per minute (it is my home machine and I do not have many users, so this
> rate limitation does not affect me in any negative way).
> 2. Made sure users have strong passwords.
> 3. Limited who can log in via ssh by specifying the authorized uses in
> sshd_config using a line similar to this:
> AllowUsers tom dick harry
> and restarting sshd. This line disallows all users other than Tom, Dick
> and Harry.
> So, even if you do not something like 1 above, the rest of the points
> will keep you safe. Earlier I used to allow only certain IPs(my school
> IPs) via iptables, but then I realized its limitation when I wanted to
> login from my relatives computer in another city.
> So, these steps in conjunction with the other suggestions you have in
> other posts will make quite nice layers of security for this situation.
Thanks, this is really useful :)
...strategies for business