[cumbria_lug] Preventing SSH attacks

luke at antins.co.uk
Thu Jan 20 16:03:40 GMT 2005


That looks interesting! I've looked into using some kind of port knocking 
concept to enable / disable access to my IMAP server that runs at home,
I'll be giving this a try for sure!

If you're testing it on a remote server, I suggest you do not have the 
firewall script load on boot until you're happy it is working fine; if for 
whatever reason you're locked out, a simple reboot will get you access again. 
Once you're happy it is working, then make it start on boot.

Just some suggestions for securing up ssh a bit...
- Use ssh keys and set PasswordAuthentication to "no" in your
   /etc/ssh/sshd_config file. This will only allow people to connect if
   they have an ssh key configured.

- Disable root logins, set PermitRootLogin to "no".
   You should never log in as root; log in as a normal user and then su to
   root or use sudo for doing what you need done.

- Disable ssh protocol 1, only allow ssh protocol 2 (set Protocol to "2").

- Make sure all users in /etc/passwd that do not require shell access
   have their shell set to /bin/false (or something similar).
   I've seen users like "mysql" (used for running the mysql server) with a
   shell of /bin/bash; it does not need shell access, so why give it the
   option to ever do so!

I'm sure there are a few things I've forgotten, but it's a start :)

Kind Regards
Luke Antins

On Thu, 20 Jan 2005, Schwuk wrote:

> Seeing as we have at least one firewall expert on here...
>
> I've found a technique for preventing the common SSH login attack (which
> my web server suffers from), and wondered what people thought of it
> before I tried implementing it.
>
> http://www.soloport.com/iptables.html
>
> Cheers,
> --
> Schwuk - http://www.schwuk.com/
> Cumbria LUG - http://www.cumbria.lug.org.uk/
>
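The sshd_config and /etc/passwd points from Luke's list, turned into a small audit script. This is an added example, not code from the thread; the sshd_config and passwd files it reads are constructed samples, so replace the paths with /etc/ssh/sshd_config and /etc/passwd to check a real host.

```shell
#!/bin/sh
# Audit an sshd_config and a passwd file against the points in the mail:
# key-only auth, no root login, protocol 2 only, no shells on service accounts.
# Sample inputs are constructed below so this runs offline; point the
# functions at /etc/ssh/sshd_config and /etc/passwd for a real check.

# Effective value of an sshd_config keyword: sshd uses the first match and
# ignores comments, so take the first uncommented occurrence (empty if unset).
sshd_value() {
    awk -v key="$1" 'tolower($1) == tolower(key) { print $2; exit }' "$2"
}

# Print one line per keyword that is unset or not at the recommended value.
# Returns 0 only when all three keywords match.
audit_sshd_config() {
    cfg=$1; bad=0
    for pair in "PasswordAuthentication no" "PermitRootLogin no" "Protocol 2"; do
        key=${pair% *}; want=${pair#* }
        have=$(sshd_value "$key" "$cfg")
        if [ "$have" != "$want" ]; then
            echo "$key is '${have:-unset}', should be '$want'"; bad=1
        fi
    done
    return $bad
}

# Service accounts (UID 1-999) whose shell is not /bin/false or *nologin,
# printed as name:shell. Empty output means nothing to fix.
system_users_with_shells() {
    awk -F: '$3 > 0 && $3 < 1000 && $7 !~ /(false|nologin)$/ { print $1 ":" $7 }' "$1"
}

# Constructed sample files, not taken from any real host.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
# Port 22
Protocol 2,1
PermitRootLogin yes
#PasswordAuthentication no
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
sshd:x:74:74:sshd:/var/empty/sshd:/sbin/nologin
luke:x:1000:1000:Luke:/home/luke:/bin/bash
EOF
audit_sshd_config "$SAMPLE_DIR/sshd_config" || echo "sshd_config needs attention"
system_users_with_shells "$SAMPLE_DIR/passwd" | sed 's/^/interactive shell on service account: /'
```

Note that a commented-out `#PasswordAuthentication no` leaves the keyword at sshd's default, which is why the script reports it as unset rather than trusting the comment.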