
Re: SSH Attacks - What to do?




On Jul 27, 2005, at 3:31 PM, Jimmy Buitt wrote:
> A number of things you can do:
>
> 1.) Set up public and private keys for you and your son and only  
> allow public-key authentication.  See the OpenSSH documentation or  
> contact me off-line for help with that.
>
> 2.) Set SSH to use a different port (e.g. 2022).  This won't  
> completely prevent SSH scans but it will sure lessen them.
>
> 3.) Put an "AllowUsers user1 user2 .." line in your
> /etc/ssh/sshd_config file to only allow specific users to your system.
>
> That's all I can think of at the moment.  There's probably more.   
> Hope that helps!

Those are all good ideas.  In addition:

4) use only DSA keys.  see /etc/ssh/sshd_config

5) disable root login in /etc/ssh/sshd_config: PermitRootLogin no

6) put IP/hostnames in /etc/hosts.{allow,deny}:
http://www.cwelug.org/cgi-bin/wiki.cgi?Banlist#ssh

7) set up firewall rules, but these are a pain especially if the IP  
address of legitimate users changes.

In my experience, items 1-5 tend to be sufficient.  Items 6 and 7  
only really work with static IPs.

Good luck and let us know what you go with.

Regards,
- Robert
http://www.cwelug.org/downloads
Help others get OpenSource software.  Distribute FLOSS
for Windows, Linux, *BSD, and MacOS X with BitTorrent
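
Added example, not part of the original message: a small Python check that reads sshd_config text and reports which of items 1, 2, 3 and 5 above are not in effect. The sample configs, the function names and the treatment of an unset keyword as a finding are assumptions made for this example.

```python
import re

# Constructed sample configs (not from the thread).
WEAK = """\
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
"""
HARDENED = """\
Port 2022
PermitRootLogin no
PasswordAuthentication=no
AllowUsers user1 user2
"""

MULTI = {"port", "allowusers"}          # keywords that may repeat and accumulate
LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")

def parse_sshd_config(text):
    """Parse the global section of an sshd_config into {keyword: [args]}."""
    settings = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if raw.strip().startswith("#") or not m:
            continue
        key, args = m.group(1).lower(), m.group(2).split()
        if key == "match":               # conditional blocks follow; stop here
            break
        if key in MULTI:
            settings.setdefault(key, []).extend(args)
        elif key not in settings:        # other keywords: sshd keeps the first value
            settings[key] = args
    return settings

def audit(text):
    """Return findings for items 1, 2, 3 and 5; an empty list means all are set."""
    s = parse_sshd_config(text)
    val = lambda k: (s.get(k) or ["<unset>"])[0].lower()
    findings = []
    if val("passwordauthentication") != "no":
        findings.append("item 1: PasswordAuthentication is %s" % val("passwordauthentication"))
    if val("pubkeyauthentication") == "no":
        findings.append("item 1: PubkeyAuthentication is disabled")
    if "22" in s.get("port", ["22"]):    # assumption: unset Port means the default, 22
        findings.append("item 2: sshd listens on port 22")
    if not s.get("allowusers"):
        findings.append("item 3: no AllowUsers line")
    if val("permitrootlogin") != "no":
        findings.append("item 5: PermitRootLogin is %s" % val("permitrootlogin"))
    return findings
```

In WEAK the second PermitRootLogin line has no effect because sshd keeps the first value it reads, so audit(WEAK) still reports item 5. Keyboard-interactive authentication is not checked here and can still accept passwords through PAM.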

