LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] sshd

[ILUG] sshd

Colm Buckley colm at tuatha.org
Thu Nov 23 16:40:45 GMT 2006 

On 23 Nov 2006, at 16:30, Ewan Oughton wrote:

> I had quite an issue with ssh brute force attacks on a box on my  
> adsl line at home - I did the following to defeat it

Have to say that implementing port-knocking was the single most  
effective thing I did to cut back on SSH attacks.  Sure, it's  
security by obscurity, but in addition to taking sensible precautions  
(as you did), it really helps.

http://www.shorewall.net/PortKnocking.html explains how to do it in  
Shorewall.  I've actually done 2-stage knocking on my home system,  
but that's paranoid overkill.

	Colm

> Added iptables rule to allow only 3 ssh connections/min from a  
> given IP. Any further goes to the TARPIT for 15 mins. Remember to  
> add it to your startup scripts somewhere.
>
> Turned off remote root login.
>
> Turned off password-based ssh logins, allowing only password- 
> protected keyed users to log in.
>
> Removed any defunct users.
>
>
>
>
>
> My [secure|auth].log now looks a lot cleaner.
>
>
>
> Ewan
>
>
>
> Ewan Oughton B.Sc. Comp Sys
> DB / AnonFTP / Orac Root Admin SkyNet
>
>
> On Thu, 23 Nov 2006, Niall O Broin wrote:
>
>> On 23 Nov 2006, at 15:42, paul at clubi.ie wrote:
>>
>>>> Good comments already mentioned but I can't believe noone has  
>>>> mentioned key based authentication for the 1 user who requires  
>>>> sshd access, that will mitigate the problem of people stealing  
>>>> passwords :-)
>>> And open the problem that the security of the key is 'outsourced'  
>>> to remote boxes.
>>> SSH keys are not a magic wand
>>
>> You blow this particular horn quite frequently Paul, but the fact  
>> remains that when the question is "How do I defend against ssh  
>> brute force attacks?" one of the useful answers is "Use ssh keys".
>>
>> Authentication method		Attack vector
>>
>> Password			Compromise password || brute force
>> SSH key				Obtain key && compromise password
>>
>>
>> It's not really a question of "magic bullets", more a question of  
>> how you minimise your exposure.
>>
>>
>> Niall
>>
>>
>>
>>
>> -- 
>> Irish Linux Users' Group mailing list
>> About this list : http://mail.linux.ie/mailman/listinfo/ilug
>> Who we are : http://www.linux.ie/
>> Where we are : http://www.linux.ie/map/
> -- 
> Irish Linux Users' Group mailing list
> About this list : http://mail.linux.ie/mailman/listinfo/ilug
> Who we are : http://www.linux.ie/
> Where we are : http://www.linux.ie/map/
>


-- 
Colm Buckley / colm at tuatha.org / +353 87 2469146 / www.colm.buckley.name

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell