----- Original Message -----
> From: "Jean Christophe André" <[email protected]>
> To: "Hanoi Linux Users Group" <[email protected]>
> Cc: [email protected]
> Sent: Saturday, November 13, 2010 12:25:34 PM
> Subject: Re: [HanoiLUG] Server Login Attempts

> On 13/11/2010 12:06, Patrick Elsen wrote:
> > So, you can see the pattern: random IPs trying to log in as root...
> > This might be usual for servers, but still, what do you suggest me to
> > do to prevent people from gaining access? I do have a secure password,
> > and I have been suggested to move the ssh port and stuff, does anyone
> > have any more suggestions?
>
> First of all, you should never allow direct root login using a password,
> which is far too dangerous, but only allow root login through an RSA/DSA
> key instead (see "PermitRootLogin" in "man sshd_config").

+1.

> Secondly, you could even forbid direct root login at all by setting up a
> normal user with root sudo access and then restricting SSH login to this
> user only (see "AllowUsers" or "AllowGroups" in "man sshd_config").

+1.

> Thirdly, changing the port will strongly reduce the logs, because the
> usual attacks focus on the port 22, but it won't enhance the security of
> your SSH access! For that matter, I strongly recommend to use the "port
> knocking" approach, see here (or Google "port knocking iptables") for an
> example: http://www.debian-administration.org/articles/268

You can also try some kinds of this tool: http://www.fail2ban.org/
It reads the logs and bans IPs with too many failed attempts.

Kind regards,
Tuan
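
The sshd_config settings named in this thread (PermitRootLogin, AllowUsers/AllowGroups, Port) can be checked mechanically. The following is an added example, not part of the original messages and not OpenSSH's own code; the function names, finding codes, and the two sample configs (including the `admin` user and port 2222) are constructed for illustration.

```python
# Added example: audit sshd_config text for the settings named in the thread.
ACCUMULATING = {"allowusers", "allowgroups", "port"}   # may repeat; values add up
ROOT_NO_PASSWORD = {"no", "prohibit-password", "without-password",
                    "forced-commands-only"}

def parse_global(text):
    """Return {keyword: [args]} for the global part of an sshd_config.

    Keywords are case-insensitive. For ordinary keywords sshd keeps the first
    value it reads, so later duplicates are ignored here too. Parsing stops at
    the first Match block (simplification: conditional overrides not audited).
    """
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        keyword = keyword.lower()
        if keyword == "match":
            break
        if keyword in ACCUMULATING:
            cfg.setdefault(keyword, []).extend(args)
        elif keyword not in cfg:
            cfg[keyword] = args
    return cfg

def audit(text):
    """Return a list of (code, message) findings."""
    cfg = parse_global(text)
    findings = []
    root = (cfg.get("permitrootlogin") or [None])[0]
    if root is None:
        findings.append(("ROOT_UNSET", "PermitRootLogin not set; the default "
                         "depends on the OpenSSH version, so set it explicitly"))
    elif root.lower() not in ROOT_NO_PASSWORD:
        findings.append(("ROOT_PASSWORD", f"PermitRootLogin {root} lets root "
                         "authenticate with a password"))
    if not cfg.get("allowusers") and not cfg.get("allowgroups"):
        findings.append(("NO_ALLOWLIST", "no AllowUsers/AllowGroups: any "
                         "account may attempt to log in"))
    if cfg.get("port", ["22"]) == ["22"]:
        findings.append(("PORT_22", "listening on 22: expect noisy logs "
                         "(moving the port cuts noise, not risk)"))
    return findings

# Constructed sample configs, not taken from the thread.
WEAK = "Port 22\nPermitRootLogin yes\nPermitRootLogin no\n"
HARDENED = "Port 2222\nPermitRootLogin no\nAllowUsers admin\n"
```

In `WEAK` the second `PermitRootLogin no` has no effect because the first value wins, which is why the audit still reports password root login.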
