On 23 Nov 2006, at 16:30, Ewan Oughton wrote:
> I had quite an issue with ssh brute force attacks on a box on my
> adsl line at home - I did the following to defeat it
Have to say that implementing port-knocking was the single most
effective thing I did to cut back on SSH attacks. Sure, it's
security by obscurity, but in addition to taking sensible precautions
(as you did), it really helps.
http://www.shorewall.net/PortKnocking.html explains how to do it in
Shorewall. I've actually done 2-stage knocking on my home system,
but that's paranoid overkill.
> Added iptables rule to allow only 3 ssh connections/min from a
> given IP. Any further goes to the TARPIT for 15 mins. Remember to
> add it to your startup scripts somewhere.
>> Turned off remote root login.
>> Turned off password-based ssh logins, allowing only password-
> protected keyed users to log in.
>> Removed any defunct users.
>>>>>> My [secure|auth].log now looks a lot cleaner.
>>>> Ewan Oughton B.Sc. Comp Sys
> DB / AnonFTP / Orac Root Admin SkyNet
>>> On Thu, 23 Nov 2006, Niall O Broin wrote:
>>> On 23 Nov 2006, at 15:42, paul at clubi.ie wrote:
>>>>>> Good comments already mentioned but I can't believe noone has
>>>> mentioned key based authentication for the 1 user who requires
>>>> sshd access, that will mitigate the problem of people stealing
>>>> passwords :-)
>>> And open the problem that the security of the key is 'outsourced'
>>> to remote boxes.
>>> SSH keys are not a magic wand
>>>> You blow this particular horn quite frequently Paul, but the fact
>> remains that when the question is "How do I defend against ssh
>> brute force attacks?" one of the useful answers is "Use ssh keys".
>>>> Authentication method Attack vector
>>>> Password Compromise password || brute force
>> SSH key Obtain key && compromise password
>>>>>> It's not really a question of "magic bullets", more a question of
>> how you minimise your exposure.
>> Irish Linux Users' Group mailing list
>> About this list : http://mail.linux.ie/mailman/listinfo/ilug>> Who we are : http://www.linux.ie/>> Where we are : http://www.linux.ie/map/> --
> Irish Linux Users' Group mailing list
> About this list : http://mail.linux.ie/mailman/listinfo/ilug> Who we are : http://www.linux.ie/> Where we are : http://www.linux.ie/map/>
Colm Buckley / colm at tuatha.org / +353 87 2469146 / www.colm.buckley.name
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!