Thank you people ;) I wasn't expecting such a fast reply.
I will change the port to something else once my friend is online, with whom
I am sharing the server. I will set up an RSA/DSA key when I get to it, and
also make users for me and my friend.
To the port knocking: I will test it in a virtual machine, and if it
works well I might implement it. I am only a bit scared that I do
something wrong and I can't log in anymore.
Again, thanks for the fast reply!
On 11.13.2010 3:13 PM, Truong Anh. Tuan wrote:
----- Original Message -----
From: "Jean Christophe André"<[email protected]>
To: "Hanoi Linux Users Group"<[email protected]>
Cc: [email protected]
Sent: Saturday, November 13, 2010 12:25:34 PM
Subject: Re: [HanoiLUG] Server Login Attempts
On 13/11/2010 12:06, Patrick Elsen wrote:
So, you can see the pattern: random IPs trying to log in as root...
This might be usual for servers, but still, what do you suggest I
do to prevent people from gaining access? I do have a secure password,
and I have been advised to move the ssh port and stuff, does anyone
have any more suggestions?
First of all, you should never allow direct root login using a password,
which is far too dangerous, but only allow root login through an RSA/DSA
key instead (see "PermitRootLogin" in "man sshd_config").
+1.
Secondly, you could even forbid direct root login at all by setting up a
normal user with root sudo access and then restricting SSH login to this
user only (see "AllowUsers" or "AllowGroups" in "man sshd_config").
+1.
Thirdly, changing the port will strongly reduce the logs, because the
usual attacks focus on the port 22, but it won't enhance the security of
your SSH access! For that matter, I strongly recommend using the "port
knocking" approach, see here (or Google "port knocking iptables") for an
example: http://www.debian-administration.org/articles/268
You can also try a tool of this kind: http://www.fail2ban.org/
It reads the logs and bans IPs with too many failed attempts.
Kind regards,
Tuan
_______________________________________________
POST RULES : http://wiki.hanoilug.org/hanoilug:mailing_list_guidelines
_______________________________________________
HanoiLUG mailing lists: http://lists.hanoilug.org/
HanoiLUG wiki: http://wiki.hanoilug.org/
HanoiLUG blog: http://blog.hanoilug.org/