ewan at skynet.ie
Thu Nov 23 16:30:45 GMT 2006
I had quite an issue with ssh brute force attacks on a box on my adsl
line at home - I did the following to defeat it:
- Added iptables rule to allow only 3 ssh connections/min from a given IP.
  Any further goes to the TARPIT for 15 mins. Remember to add it to your
  startup scripts somewhere.
- Turned off remote root login.
- Turned off password-based ssh logins, allowing only password-protected
  keyed users to log in.
- Removed any defunct users.
My [secure|auth].log now looks a lot cleaner.
Ewan Oughton B.Sc. Comp Sys
DB / AnonFTP / Orac Root Admin SkyNet
On Thu, 23 Nov 2006, Niall O Broin wrote:
> On 23 Nov 2006, at 15:42, paul at clubi.ie wrote:
>>> Good comments already mentioned but I can't believe no one has mentioned
>>> key based authentication for the 1 user who requires sshd access, that
>>> will mitigate the problem of people stealing passwords :-)
>> And open the problem that the security of the key is 'outsourced' to remote
>> SSH keys are not a magic wand
> You blow this particular horn quite frequently Paul, but the fact remains
> that when the question is "How do I defend against ssh brute force attacks?"
> one of the useful answers is "Use ssh keys".
> Authentication method    Attack vector
> Password                 Compromise password || brute force
> SSH key                  Obtain key && compromise password
> It's not really a question of "magic bullets", more a question of how you
> minimise your exposure.
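Added example, not part of the original message or the poster's own rules: one way to express the rate limit described at the top of the message (3 new ssh connections per minute per source address, then TARPIT for 15 minutes) with the iptables `recent` match. It assumes the `recent` match and the TARPIT target (xtables-addons) are installed; the chain names SSH_LIMIT and SSH_PENALTY and the list names SSH_RATE and SSH_TARPIT are made up for the example.

```shell
#!/bin/sh
# Added example, not the poster's rules. Prints iptables commands that allow
# HITS new ssh connections per WINDOW seconds from one source address and
# TARPIT that source for PENALTY seconds once it goes over.
# Assumptions: the "recent" match and the TARPIT target (xtables-addons) are
# installed; chain names SSH_LIMIT/SSH_PENALTY and list names SSH_RATE/
# SSH_TARPIT are made up for this example.

ssh_ratelimit_rules() {
    rl_port=${1:-22}       # sshd port
    rl_hits=${2:-3}        # new connections allowed per window
    rl_window=${3:-60}     # window length in seconds
    rl_penalty=${4:-900}   # tarpit time in seconds (15 minutes)
    rl_over=$((rl_hits + 1))   # the connection that trips the limit
    cat <<EOF
iptables -N SSH_LIMIT
iptables -N SSH_PENALTY
# Sources still inside their penalty: every packet to sshd is tarpitted.
iptables -A INPUT -p tcp --dport $rl_port -m recent --name SSH_TARPIT --rcheck --seconds $rl_penalty -j TARPIT
# Each new connection attempt (SYN) is counted per source address.
iptables -A INPUT -p tcp --dport $rl_port --syn -j SSH_LIMIT
iptables -A SSH_LIMIT -m recent --name SSH_RATE --set
iptables -A SSH_LIMIT -m recent --name SSH_RATE --rcheck --seconds $rl_window --hitcount $rl_over -j SSH_PENALTY
iptables -A SSH_LIMIT -j ACCEPT
# Over the limit: remember the source, then tarpit this attempt too.
iptables -A SSH_PENALTY -m recent --name SSH_TARPIT --set
iptables -A SSH_PENALTY -p tcp -j TARPIT
EOF
}

# Review the output, then pipe it to sh as root from a startup script.
ssh_ratelimit_rules "$@"
```

The two INPUT rules are appended with -A, so they only take effect if no earlier rule already accepts new connections to the ssh port. A hit count above 20 needs the `recent` module's `ip_pkt_list_tot` parameter raised.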