[olug] Help w/ my server
Lou Duchez
lou at paprikash.com
Mon Jul 23 21:59:06 UTC 2012
On 7/23/2012 5:56 PM, Christopher Cashell wrote:
> On Mon, Jul 23, 2012 at 4:51 PM, Lou Duchez <lou at paprikash.com> wrote:
>>> I would also change the default ssh port. Yes it is security by
>>> obscurity, but it does block virtually all the bots from guessing your
>>> password(if you have it enabled). I have disabled root ssh logins; if
>>> root tries to log in, they will get an "auth failed" msg even if they
>>> have put in the correct pw. You might also consider disabling remote
>>> ssh password logins.
>> I run Fail2Ban on my various servers, and I think all but one of them are
>> running SSH on non-default ports. Coincidentally enough, the only server
>> where I ever -- EVER -- get SSH hacker alerts is the one where SSH is
>> running on the default port.
> fail2ban is a great program for a lot of things, but there are better
> ways to secure SSH on Linux.
>
> In your IPTables config, use the following line as your "allow ssh" line:
>
> -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m limit
> --limit 1/min --limit-burst 4 -j ACCEPT
>
> Now you have built-in protection against brute-force attacks at the
> kernel-level, without relying on an external program, or recognizing
> the failed logins later via log watching.
>
That is swank, thank you!
More information about the OLUG
mailing list