These are archived pages, most of them date back to 2007-2012. This content might not be relevant or accurate anymore.

Securing SSH

Obviously the first step is to make sure root can’t log in over SSH. Disable password authentication if that is possible and desirable. Consider testing for weak passwords with john, or disable SSH login for users who are not trusted (or enforce a password policy).

Banning bruteforce

Use denyhosts or fail2ban (http://debaday.debian.net/2007/04/29/fail2ban-an-enemy-of-script-kiddies/ – a useful article and comments). Alternatively, you can use the ipt_recent module for iptables:

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent \
         --name sshblacklist --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent \
         --name sshblacklist --update --seconds 60 --hitcount 3 -j DROP
iptables -A INPUT -j ACCEPT -p tcp --dport 22 -m state --state NEW
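
The effect of the three rules above, as an added example that is not part of the original page: a simplified Python model of the recent-match bookkeeping (not kernel code), run over constructed sample traffic. The function name simulate and the sample addresses are assumptions made for the illustration.

```python
# Simplified model (an assumption, not kernel code) of the three rules above.
WINDOW = 60      # --seconds 60
HITCOUNT = 3     # --hitcount 3


def simulate(attempts):
    """attempts: list of (time_in_seconds, source_ip) for NEW packets to port 22.

    Returns a list of (time, source_ip, verdict) with verdict ACCEPT or DROP.
    """
    stamps = {}   # the "sshblacklist" list: source_ip -> timestamps seen
    verdicts = []
    for now, src in sorted(attempts):
        seen = stamps.setdefault(src, [])
        # Rule 1 (--set): record this packet; the rule has no target, so
        # processing continues with the next rule.
        seen.append(now)
        # Rule 2 (--update --seconds 60 --hitcount 3): count entries for this
        # source inside the window, including the one rule 1 just added.
        recent = [t for t in seen if now - t <= WINDOW]
        if len(recent) >= HITCOUNT:
            seen.append(now)          # a matching --update refreshes the entry
            verdicts.append((now, src, "DROP"))
        else:
            # Rule 3: fewer than 3 recent hits, so the NEW connection is accepted.
            verdicts.append((now, src, "ACCEPT"))
    return verdicts


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    (0, "203.0.113.7"), (5, "203.0.113.7"), (10, "203.0.113.7"),
    (40, "203.0.113.7"), (95, "203.0.113.7"), (200, "203.0.113.7"),
    (0, "198.51.100.20"), (90, "198.51.100.20"), (180, "198.51.100.20"),
]

if __name__ == "__main__":
    for now, src, verdict in simulate(SAMPLE):
        print(f"t={now:>3}s {src:<14} {verdict}")
```

In this model, attempts dropped by the second rule still count toward the 60-second window, so a source that keeps retrying stays blocked until it has been quiet long enough.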

Note to editors

Warn before any “security by obscurity” tips (like port knocking or using a non-standard port).

 
 
 