On 13/11/2010 12:06, Patrick Elsen wrote:
> So, you can see the pattern: random IPs trying to log in as root... This might be usual for servers, but still, what do you suggest me to do to prevent people from gaining access? I do have a secure password, and I have been suggested to move the ssh port and stuff, does anyone have any more suggestions?

First of all, you should never allow direct root login using a password, which is far too dangerous, but only allow root login through an RSA/DSA key instead (see "PermitRootLogin" in "man sshd_config").

Secondly, you could even forbid direct root login altogether by setting up a normal user with root sudo access and then restricting SSH login to this user only (see "AllowUsers" or "AllowGroups" in "man sshd_config").

Thirdly, changing the port will strongly reduce the logs, because the usual attacks focus on port 22, but it won't enhance the security of your SSH access! For that matter, I strongly recommend using the "port knocking" approach, see here (or Google "port knocking iptables") for an example: http://www.debian-administration.org/articles/268

Cheers, J.C.

--
Jean Christophe "プログフ" ANDRÉ   — ✧ —   Regional technical manager
Bureau Asie–Pacifique (BAP)    — ✧ —   http://www.asie-pacifique.auf.org/
Agence universitaire de la Francophonie (AuF)  — ✧ —  http://www.auf.org/
Postal address: AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam
Tel.: +84 4 9331108  ✦  Fax: +84 4 8247383  ✦  Mobile: +84 91 3248747
Personal note: please avoid sending me PowerPoint or Word files,
see http://www.gnu.org/philosophy/no-word-attachments.fr.html
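
The following is an added example, not part of the original message: a small Python audit that checks an sshd_config against the first two recommendations above (PermitRootLogin, AllowUsers/AllowGroups). Both sample configurations and the account name `admin` are constructed for illustration, and Match blocks are skipped as a simplification.

```python
# Added example: audit an sshd_config for the settings named in the message.
# Both configurations below are constructed samples, not from a real host.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# the next line is ignored by sshd: the first value of a keyword wins
permitrootlogin no
"""

HARDENED_CONFIG = """\
PermitRootLogin no
# 'admin' is a hypothetical unprivileged account with sudo rights
AllowUsers admin
"""

def parse_global(text):
    """Return {keyword: [args]} for the global section of an sshd_config.

    Keywords are case-insensitive and the first value read for a keyword
    is the one kept. Parsing stops at the first Match line (simplification).
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break
        settings.setdefault(key, args)
    return settings

def audit(text):
    """Return a list of findings; an empty list means the advice is followed."""
    cfg = parse_global(text)
    findings = []
    root = (cfg.get("permitrootlogin") or ["(unset)"])[0].lower()
    if root == "(unset)":
        findings.append("PermitRootLogin not set: default depends on the OpenSSH version")
    elif root == "yes":
        findings.append("PermitRootLogin yes: root can log in with a password")
    # 'no' forbids root login; 'without-password' / 'prohibit-password'
    # and 'forced-commands-only' still allow root, but only with a key.
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups: any account may attempt to log in")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "OK")
```

To check a real server, pass the contents of its sshd_config file to `audit()`.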
