Re: [gentoo-user] OpenSSH security

public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed

From: Brian Davis <bridavis@comcast.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] OpenSSH security
Date: Tue, 07 Nov 2006 15:04:46 -0500	[thread overview]
Message-ID: <4550E6DE.9070803@comcast.net> (raw)
In-Reply-To: <4550E4CC.6050400@fire-eyes.org>

In addition to fail2ban, look at deny2hosts and sshdfilter.

fire-eyes wrote:
> James Colby wrote:
>   
>> List members -
>>
>> I am running OpenSSH on my home gentoo server.  I was examining the
>> log files for OpenSSH and I noticed multiple login attempts from the
>> same IP address but with different user names.  Is there a simple way
>> that I can block an IP address from attempting to log in after
>> something like 3 failed login attempts?
>>
>> My Gentoo box is connected to a linksys router connected to my cable
>> modem, the linksys is doing port forwarding to my gentoo box.  Also, I
>> would like to avoid limiting which IP addresses can log into my SSH
>> server
>>
>> Thanks for any ideas,
>> James
>>     
>
>
> What you're seeing is a common, automated dictionary style attack. There
> are several ways to get rid of them.
>
> The simplest way is to install fail2ban and it will create firewall rules.
>
> The next less-simple way is to change the port sshd listens on. The
> scripts assume the default of 22.
>
> The best way is to change the port sshd listens on, and also move to key
> based authentication, and disable password based authentication. In this
> way, even if they got the port, got a real user name, and had the right
> password, it would not matter -- They haven't got the key.
>   
-- 
gentoo-user@gentoo.org mailing list

next prev parent reply	other threads:[~2006-11-07 20:09 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-11-07 19:51 [gentoo-user] OpenSSH security James Colby
2006-11-07 19:55 ` fire-eyes
2006-11-07 20:04   ` Brian Davis [this message]
2006-11-07 21:40     ` Pavel Sanda
2006-11-07 21:44       ` fire-eyes
2006-11-07 22:13         ` Mick
2006-11-07 21:52     ` Mick
2006-11-08  3:56       ` Jesper Fruergaard Andersen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4550E6DE.9070803@comcast.net \
    --to=bridavis@comcast.net \
    --cc=gentoo-user@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox