From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] OpenSSH security
Date: Tue, 7 Nov 2006 21:52:32 +0000
Message-ID: <200611072152.44359.michaelkintzios@gmail.com>
In-Reply-To: <4550E6DE.9070803@comcast.net>
On Tuesday 07 November 2006 20:04, Brian Davis wrote:
> In addition to fail2ban, look at deny2hosts and sshdfilter.
>
> fire-eyes wrote:
> > James Colby wrote:
> >> List members -
[snip]
> >> My Gentoo box is connected to a linksys router connected to my cable
> >> modem, the linksys is doing port forwarding to my gentoo box. Also, I
> >> would like to avoid limiting which IP addresses can log into my SSH
> >> server
> > What you're seeing is a common, automated dictionary style attack. There
> > are several ways to get rid of them.
[snip]
> > The next less-simple way is to change the port sshd listens on. The
> > scripts assume the default of 22.
I use this as it is trivial to edit the sshd port number in /etc/ssh/sshd_config
and in /etc/ssh/ssh_config on the client. However, you need to change the ssh
client port back to 22 (or specify it on the command line) the next time you
connect to a production server.
> > The best way is to change the port sshd listens on, and also move to key
> > based authentication, and disable password based authentication. In this
> > way, even if they got the port, got a real user name, and had the right
> > password, it would not matter -- They haven't got the key.
I also use this option. Dictionary attacks are totally ineffective as no user
login passwords are accepted - full stop. I would only add to the above that even
if they have the private key, they will still need the secret passphrase to
be able to use it.
You may also want to look in the wiki for port-knocking.
--
Regards,
Mick
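As an added check (example code, not from this thread or from the OpenSSH project), the following Python audits an sshd_config for the three changes recommended above: a non-default port, password authentication off, and public-key authentication on. It follows sshd's own parsing rules, where the first occurrence of a keyword wins, so a hardening line appended at the end of the file does not override an earlier one; both sample configs are constructed for illustration.

```python
"""Audit an sshd_config for the thread's advice (non-default Port, password auth
off, public-key auth on) using sshd's own parsing rules: keywords are case-
insensitive, '#' starts a comment, and the FIRST occurrence of a keyword wins."""
import re
# OpenSSH defaults that apply when a keyword is absent from the file
DEFAULTS = {"port": "22", "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}

def parse_sshd_config(text):
    """Return {keyword: first value} of the global section (stops at first Match)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comment and whitespace
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # 'Key value' / 'Key=value'
        key = parts[0].lower()
        if key == "match":    # later directives are conditional, not global
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit_sshd_config(text):
    """Return a list of findings; an empty list means all three checks pass."""
    cfg = parse_sshd_config(text)
    value = lambda k: cfg.get(k, DEFAULTS[k]).lower()
    findings = []
    if value("port") == "22":
        findings.append("sshd listens on the default port 22")
    if value("passwordauthentication") != "no":
        findings.append("password authentication is enabled")
    if value("pubkeyauthentication") != "yes":
        findings.append("public-key authentication is disabled")
    return findings

# Constructed sample: Port is commented out, and the trailing 'no' does NOT
# override the earlier 'yes', so passwords are still accepted on port 22.
WEAK_CONFIG = """\
# Port 2222
PasswordAuthentication yes
PasswordAuthentication no
"""
# Constructed sample applying the thread's advice; the Match block is conditional.
HARDENED_CONFIG = """\
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""
```

Running `audit_sshd_config(WEAK_CONFIG)` reports both the default port and enabled password authentication, while the hardened sample returns no findings.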