[GLLUG] Maybe OT - Fail2ban and what triggers it

Alain Williams addw at phcomp.co.uk
Mon Mar 18 10:21:58 UTC 2013


On Mon, Mar 18, 2013 at 09:47:15AM +0000, James Courtier-Dutton wrote:
> On 18 March 2013 07:39, Ken Smith <kens at kensnet.org> wrote:
> > Hi All,
> >
> > I have a hosted CentOS VM I use for various things. I'd noticed failed SSH
> > logins quite some time ago and had installed Fail2ban to thwart these. It
> > works really well.
> >
> 
> I protect from these by configuring the ssh server to only accept
> public/private key logins, and reject password based ones.
> So, you can be pretty sure none of the unauthorised attempts will work.
> 
> Another option is to use pre-auth.
> This pre-auth can be done in many different ways.
> 1) knocking on a specific combination of ports, in a specific order
> before hitting ssh port.
> 2) Sending a single specially encrypted packet and use that to open
> the ssh port to that specific host, if the authentication of that
> single packet passes. This method should not respond to the host
> sending the encrypted packet, resulting in a response of "no ports
> open" to any remote nmap scan on your server.
> Disadvantage is that you then have to implement the pre-auth on all
> authorised clients.

Which is a problem when I might need to log in from different places :-(

Can you please point us to any complete write-up of how to do the above? I have
seen the techniques mentioned, but a good HOWTO would be nice.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
#include <std_disclaimer.h>
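
The server-side logic behind option 1 in the quoted message (port knocking), as an added example that is not part of the original thread or of any knocking daemon's code. It shows why order and timing matter: only a source that hits the ports in sequence, within the time window, gets through to SSH. The knock ports, the timeout and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed ports, chosen for this example
SEQ_TIMEOUT = 10.0                   # assumed: seconds allowed for the whole sequence
SSH_PORT = 22

@dataclass
class KnockTracker:
    progress: dict = field(default_factory=dict)  # src -> (next index, start time)
    allowed: set = field(default_factory=set)     # sources with SSH opened

    def observe(self, ts, src, dport):
        """Feed one inbound SYN; return True if it would reach sshd."""
        if dport == SSH_PORT:
            return src in self.allowed
        idx, started = self.progress.get(src, (0, ts))
        if idx == 0 or ts - started > SEQ_TIMEOUT:
            idx, started = 0, ts                  # fresh start, or too slow
        if dport == KNOCK_SEQUENCE[idx]:
            idx += 1
        else:
            # A wrong port resets progress, so a sequential port scan never
            # completes the sequence; it may itself be the first knock.
            idx = 1 if dport == KNOCK_SEQUENCE[0] else 0
            started = ts
        if idx == len(KNOCK_SEQUENCE):
            self.allowed.add(src)
            self.progress.pop(src, None)
        else:
            self.progress[src] = (idx, started)
        return False                              # knock ports never answer

# Constructed sample events: (seconds, source IP, destination port)
EVENTS = [
    (0, "198.51.100.7", 22), (1, "198.51.100.7", 7000), (2, "198.51.100.7", 8000),
    (3, "198.51.100.7", 9000), (4, "198.51.100.7", 22),     # correct knock
    (5, "203.0.113.9", 7000), (6, "203.0.113.9", 9000),
    (7, "203.0.113.9", 8000), (8, "203.0.113.9", 22),       # out of order
    (9, "192.0.2.50", 7000), (10, "192.0.2.50", 8000),
    (30, "192.0.2.50", 9000), (31, "192.0.2.50", 22),       # too slow
]

def replay(events):
    tracker, results = KnockTracker(), []
    for ts, src, dport in events:
        accepted = tracker.observe(ts, src, dport)
        if dport == SSH_PORT:
            results.append((src, accepted))       # one entry per SSH attempt
    return results
```

Calling `replay(EVENTS)` returns one `(source, accepted)` pair per SSH attempt; only the second attempt from 198.51.100.7 is accepted.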



