Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: SSH brute force China and Linux: best practices

  • From: Peter Beckman
  • Date: Sat Jan 30 14:55:44 2010

On Sat, 30 Jan 2010, Bazy wrote:

> On Sat, Jan 30, 2010 at 6:47 AM, Bobby Mac <bobbyjim@gmail.com> wrote:
>
>> So after many years of a hiatus from Linux,  I recently dropped XP in favour
>> of Fedora.  Now that my happy windows blinders are off, I see alarming
>> things.  Ugly ssh brute force, DNS server IP spoofing with scans and typical
>> script kiddie tactics.
>
> Take a look at http://www.fail2ban.org and
> http://denyhosts.sourceforge.net. I'm not Chinese but I'm sure that
> brute-force attacks come from all over the world. Here's a little from
> my logwatch.

 For securing ssh, better than either of those is sshguard.  fail2ban is a
 Python script, as is denyhosts.  Script-based services are fine, but
 native compiled code is better, lower memory, less overhead.

 sshguard is better because it's written in C, can read multiple log
 formats, can block for many popular services (dovecot, ftp daemons, even
 an imap daemon) and it works with many popular existing firewalls: pf,
 netfilter, iptables, ipfw, ipfilter, tcpd, even IBM's AIX firewall.

    http://www.sshguard.net/

 I've run it for 3 years now, solid as a rock.  Questions are quickly
 answered in the mailing lists by the lead developer Mij.

 Additionally, you may want to consider using SSH Key Authorization only,
 and disable password authentication.  This guarantees that brute force
 attacks will fail, because they only use username + Password (AFAICT), not
 random private keys.

 Here is a good article on how to enable Key-based auth (may already be
 enabled), as well as how to turn Password Auth off in ssh to
 protect/eliminate ssh brute force successes.

    http://www.debuntu.org/ssh-key-based-authentication

Beckman
---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman@angryox.com                                 http://www.angryox.com/
---------------------------------------------------------------------------
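
An added example, not part of the original message or of any project it mentions: a small audit of sshd_config text that checks whether password-style logins are really off once key-only authentication is the goal. It assumes OpenSSH's documented behaviour (the first value seen for a keyword wins; keyboard-interactive can still prompt for a password through PAM) and the defaults listed in the code; the sample configs are constructed.

```python
# Added example: audit sshd_config text for password-style logins.
# DEFAULTS are assumptions taken from OpenSSH's documented defaults.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older keyword name for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_KEYS = ("passwordauthentication", "kbdinteractiveauthentication")

def parse(text):
    """Return (global settings, [(match condition, key, value), ...])."""
    settings, overrides, in_match = {}, [], None
    for raw in text.splitlines():
        # Drop comments; safe for the yes/no keywords checked here.
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = value
        elif in_match is not None:
            overrides.append((in_match, key, value))
        else:
            settings.setdefault(key, value)  # sshd keeps the first value seen
    return settings, overrides

def audit(text):
    """List the reasons this config still allows password-style logins."""
    settings, overrides = parse(text)
    eff = {k: settings.get(k, d) for k, d in DEFAULTS.items()}
    findings = [f"{k} is not 'no'" for k in PASSWORD_KEYS if eff[k] != "no"]
    if eff["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is off: key logins would fail")
    for cond, key, value in overrides:
        if key in PASSWORD_KEYS and value != "no":
            findings.append(f"Match {cond} re-enables {key}")
    return findings

# Constructed sample configs.
WEAK = """PasswordAuthentication no
PasswordAuthentication yes   # ignored: an earlier line already set it
ChallengeResponseAuthentication yes
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
HARDENED = "PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
```

Calling `audit()` on the text of a real config file returns an empty list only when both password paths are disabled globally and no Match block turns one back on.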


