[ILUG] Breakins attempted - advice please

[Conor Daly]

On Wed, Aug 27, 2008 at 12:09:30PM +0100 or thereabouts, Paul Mullen wrote:
> Hi John,
> 
> John Kinsella wrote:
> >Hi,
> >no flames please!
> >
> >I'm being regularly subjected to what appear to auth.log (and me) to 
> >be attempted breakins on my office desktop machine (Ubuntu Hearty 
> >Heron with Firestarter firewall)
> >e.g.
> >
> >I'd like to keep sshd running so I can log in from home.
> >
> >Other than changine firewall settings to block all but my ISP's IP 
> >addresses for access via ssh is there anything else that I should be 
> >looking at?
> I'd look at fail2ban or hostdeny which will add a firewall rule after a 
> configurable number of failed login attempts from a host. Also only use 
> passphrase protected ssh keys to log into your box and turn off password 
> auth.

Blockhosts will do this as well but by updating /etc/hosts.allow rather than
the firewall.  I use it as my firewall is on a different machine.

You can also restrict users allowed connect by ssh with an 'AllowUsers '
line in /etc/ssh/sshd_config

Conor
-- 
Conor Daly,                   
Met Eireann, Glasnevin Hill,  
Dublin 9, Ireland             
Ph +3531 8064276 Fax +3531 8064247

*********************************************************************************
This e-mail and any files transmitted with it are confidential and intended solely for the addressee. If you have received this email in error please notify the sender.
This e-mail message has also been scanned for the presence of computer viruses.

Ta an riomhphost seo, agus aon chomhad ata nasctha leis, faoi run agus is don te a seoladh chuige amhain e. Ma tharla go bhfuair tu an riomhphost seo tri dhearmad cuir in iul don te a sheol e led' thoil.

Ta an teachtaireacht riomhphoist seo scuabtha le bogearrai frithvireas.
********************************************************************************
NorthBridge Mail Server id e9yrhg43fncvj3974vjenw