[cumbria_lug] Preventing SSH attacks

Ian Linwood ian_linwood_clug at dinwoodie.freeuk.com
Sat Jan 22 14:02:58 GMT 2005


Hello Schwuk,

Thursday, January 20, 2005, 2:49:41 PM, you wrote:

S> Seeing as we have at least one firewall expert on here...

S> I've found a technique for preventing the common SSH login attack (which
S> my web server suffers from), and wondered what people thought of it
S> before I tried implementing it.

S> http://www.soloport.com/iptables.html

By Euan Hogg

I thought it would be nice to watch port 22 auth failure logs
happening - means you've got it right.  It's the ones that say
Authentication successful for IP_NEVERHEARDOF that would give me the
willies.

Just a wee thought - what happens if you get scanned whilst you are
engaged in an ssh session? Surely the scan will close your port 22.

Best just not allow port 22 traffic from the outside world unless you
really, really need it and follow the advice that Luke gave - stick to
hostbased key authentication, avoid root access and su if required.

-- 
Best regards,
 Euan
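
Added example, not part of the original message: a small log review along the lines described above, treating failed attempts as expected noise and flagging any accepted login from an address you have never heard of. The sample lines are constructed in OpenSSH's usual syslog wording, and the `KNOWN_SOURCES` allowlist and `review` function are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's usual syslog wording (not from the post).
SAMPLE_LOG = """\
Jan 22 13:58:01 web sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40112 ssh2
Jan 22 13:58:03 web sshd[2103]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jan 22 13:58:05 web sshd[2105]: Failed password for guest from 203.0.113.7 port 40131 ssh2
Jan 22 13:58:09 web sshd[2109]: Accepted password for guest from 203.0.113.7 port 40140 ssh2
Jan 22 14:00:12 web sshd[2140]: Accepted publickey for euan from 192.0.2.10 port 51514 ssh2
Jan 22 14:01:44 web sshd[2177]: Accepted password for admin from 198.51.100.23 port 33870 ssh2
"""

# Hypothetical allowlist: the addresses you expect to log in from.
KNOWN_SOURCES = {"192.0.2.10"}

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review(log_text, known_sources):
    """Return (failures per source IP, accepted logins from unknown sources).

    Each unexpected login carries the number of failures already seen from
    that address, so a guess that finally succeeded stands out.
    """
    failures = Counter()
    unexpected = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not an authentication result line
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
        elif m["ip"] not in known_sources:
            unexpected.append((m["user"], m["ip"], m["method"], failures[m["ip"]]))
    return failures, unexpected

if __name__ == "__main__":
    failures, unexpected = review(SAMPLE_LOG, KNOWN_SOURCES)
    for ip, n in failures.most_common():
        print(f"{n} failed attempts from {ip} (rejected, as intended)")
    for user, ip, method, prior in unexpected:
        print(f"ALERT: {user} accepted via {method} from unknown {ip} "
              f"after {prior} failures")
```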



