Over the last few weeks the server logs, especially /var/log/messages, have been filling up with a steady stream of SSH dictionary attacks (repeated failed logins against guessed usernames and passwords). This cannot continue, so what do you do to prevent it?

Well there are a few things:

1. Set up the firewall to handle them

2. Install DenyHosts

3. Configure your SSH daemon properly

4. Set up proper accounts for people

The methods that I deploy are points 1, 3 and 4.

Configuring SSH

In sshd_config (normally /etc/ssh/sshd_config) do the following:

- Change the port number: Port 9999

- Disable password authentication: PasswordAuthentication no

- Allow public key authentication: PubkeyAuthentication yes

- Only allow user accounts that belong to a specific group: AllowGroups groupName

By setting the above you have placed a lot of restrictions on who can access your server using SSH: dictionary attacks need a password prompt to work against, and that prompt is now gone, while anyone outside the allowed group is refused before authentication even starts.
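The following is an added example, not part of the original post: a small POSIX shell audit that reads an sshd_config file and checks the four settings above. It writes two constructed configs (one hardened, one default-style) to temporary files so it runs offline; the file names and the group name "sshusers" are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the four hardening settings.

# Print the effective value of a keyword. sshd takes the FIRST occurrence of
# a keyword, keywords are case-insensitive, and '#' starts a comment.
sshd_effective() {
    # $1 = config file, $2 = keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        NF >= 2 && tolower($1) == key { print $2; exit }
    ' "$1"
}

# Return 0 if all four settings are in place, otherwise print each finding
# and return 1.
audit_sshd_config() {
    cfg="$1"; ok=0
    [ "$(sshd_effective "$cfg" Port)" = "9999" ] \
        || { echo "Port: not 9999"; ok=1; }
    [ "$(sshd_effective "$cfg" PasswordAuthentication | tr 'A-Z' 'a-z')" = "no" ] \
        || { echo "PasswordAuthentication: not 'no'"; ok=1; }
    [ "$(sshd_effective "$cfg" PubkeyAuthentication | tr 'A-Z' 'a-z')" = "yes" ] \
        || { echo "PubkeyAuthentication: not 'yes'"; ok=1; }
    [ -n "$(sshd_effective "$cfg" AllowGroups)" ] \
        || { echo "AllowGroups: unset (any local account may log in)"; ok=1; }
    return $ok
}

# Constructed sample configs (not real host files).
GOOD_CFG="${TMPDIR:-/tmp}/sshd_config.good.$$"
BAD_CFG="${TMPDIR:-/tmp}/sshd_config.bad.$$"
cat > "$GOOD_CFG" <<'EOF'
# hardened example (constructed)
Port 9999
PasswordAuthentication no
PubkeyAuthentication yes
AllowGroups sshusers
EOF
cat > "$BAD_CFG" <<'EOF'
# default-style example (constructed): port commented out, passwords allowed
#Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
EOF

echo "== hardened config =="
audit_sshd_config "$GOOD_CFG" && echo "all four settings present"
echo "== default-style config =="
audit_sshd_config "$BAD_CFG" || echo "findings above need fixing"
```

On a live host, `sshd -T` prints the daemon's effective configuration after defaults and includes are applied, which is a more reliable input for the audit than the raw file; this checker also stops at the first occurrence of a keyword, so settings inside a Match block (which must come after the global ones) are not considered.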

Configure your firewall

# new chain that every new connection to the SSH port is sent through
iptables -N SSH_CHECK
iptables -A INPUT -p tcp --dport 9999 -m state --state NEW -j SSH_CHECK
# record the source address in the "SSH" list ...
iptables -A SSH_CHECK -m recent --set --name SSH
# ... and drop it once it has made 4 or more new connections within an hour
iptables -A SSH_CHECK -m recent --update --seconds 3600 --hitcount 4 --name SSH -j DROP

Because the address is recorded before the hit count is checked, the fourth new connection from one source within the hour is the first one dropped, and every further attempt keeps refreshing the entry, so the block lasts as long as the attacker keeps trying. Connections that fall below the threshold return from SSH_CHECK to the INPUT chain and are handled by your normal rules.
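To make the behaviour of the rate-limit rules above visible without touching a live firewall, here is an added example (not from the original post) that replays the recent-module logic in awk over a constructed list of new-connection events. The source addresses are documentation ranges and the timestamps are made up; the window (3600 s) and hit count (4) are the values from the rules above.

```shell
#!/bin/sh
# Added example: simulate "-m recent --set" followed by
# "-m recent --update --seconds 3600 --hitcount 4 -j DROP".

# Reads "epoch_seconds source_ip" lines on stdin (any order), prints
# "epoch_seconds source_ip VERDICT". Every event is recorded first (--set),
# then dropped if the source has >= 4 recorded hits inside the window,
# counting the current one, exactly as the SSH_CHECK chain does.
simulate_ssh_check() {
    sort -n | awk -v window=3600 -v hits=4 '
    {
        t = $1; ip = $2
        n[ip]++; ts[ip, n[ip]] = t          # --set: record this hit
        c = 0                               # --update --hitcount: count hits in window
        for (i = 1; i <= n[ip]; i++)
            if (ts[ip, i] >= t - window) c++
        print t, ip, (c >= hits ? "DROP" : "ACCEPT")
    }'
}

# Constructed events: 203.0.113.5 hammers the port, 198.51.100.7 is a normal
# user who reconnects a few times over a couple of hours.
EVENTS="1000 203.0.113.5
1010 203.0.113.5
1020 203.0.113.5
1030 203.0.113.5
1040 203.0.113.5
1000 198.51.100.7
2000 198.51.100.7
3000 198.51.100.7
4700 198.51.100.7"

# Number of events the firewall would drop for the constructed input.
count_drops() {
    printf '%s\n' "$EVENTS" | simulate_ssh_check \
        | awk '$3 == "DROP" { c++ } END { print c + 0 }'
}

printf '%s\n' "$EVENTS" | simulate_ssh_check
echo "dropped: $(count_drops)"
```

Run as written, the first three attempts from 203.0.113.5 are accepted and the fourth and fifth are dropped, while the legitimate user never reaches four hits inside any one-hour window. Note that a legitimate user who opens four sessions in an hour will be blocked just the same, which is why the threshold should match how your own people actually use the server.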

Finally, configure the user accounts that are allowed to access the server: each person gets their own account in the group named in AllowGroups, with their public key installed. It is strongly recommended to add users to sudoers only if they require specific privileges, rather than handing out the root password.
