How to secure the SSH login @ my Linux box

Protecting your Linux box

How to secure the SSH login @ my Linux box

Postby hyperlinux » Sun Jan 28, 2007 6:41 pm

Assalam u Alaikum
i have problem in my linux SSH server peoplez try to login to server through ssh. How i want to block those attempts? if some buddy tries for 3rd time wrong password the linux block its IP like that. ... . . :)
can any budy u guyz help me out in this regard
Thnx
Muhammad Amir Iqbal
WireOnn Network
http://www.wireonn.com
Contact # +92-345-2089773

Register Linux User #435086
hyperlinux
Lance Naik
 
Posts: 27
Joined: Thu Nov 09, 2006 10:47 pm
Website: http://hypernet.homelinux.com
WLM: mamir_73@yahoo.com
Yahoo Messenger: mamir_73@yahoo.com
Location: Karachi

Re: How to secure the SSH login @ my Linux box

Postby lambda » Sun Jan 28, 2007 7:26 pm

if you want to block the ip after the third attempt, you can run a script that does "tail -F /var/log/secure.log" (or whatever the log file with the ssh attempts is called), and when it matches against an ip three times in, say, a minute, it can run "iptables -A INPUT -s ip.add.re.ss -j REJECT" or something.

it might help to age out old entries from the input chain every so often, too.

i could write it for you, but you need the exercise. use your brain!
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Thanx lambada

Postby hyperlinux » Mon Jan 29, 2007 12:59 am

thnx for u r quick reply i understand that u sey but can i do this in /etc/ssh/sshd.conf file and what abt. the knocking script what u suggest
Muhammad Amir Iqbal

WireOnn Network

http://www.wireonn.com

Contact # +92-345-2089773



Register Linux User #435086
hyperlinux
Lance Naik
 
Posts: 27
Joined: Thu Nov 09, 2006 10:47 pm
Website: http://hypernet.homelinux.com
WLM: mamir_73@yahoo.com
Yahoo Messenger: mamir_73@yahoo.com
Location: Karachi

Postby Saad Khan » Mon Jan 29, 2007 5:13 pm

check out this link to block ssh brute forcing attacks
http://www.csc.liv.ac.uk/~greg/sshdfilter/
Saad Khan
Company Havaldaar Major
 
Posts: 155
Joined: Sun Jun 11, 2006 6:19 pm
Location: Karachi

Re: Thanx lambada

Postby lambda » Mon Jan 29, 2007 8:02 pm

hyperlinux wrote:but can i do this in /etc/ssh/sshd.conf file
no, you can't.

what abt. the knocking script what u suggest
the one you write yourself. don't want to write one? use the package saad khan suggested.

you'll be a better person if you try to write one yourself, though.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby jargon » Tue Jan 30, 2007 11:02 am

I would also disable any root logins and turn off password authentication and use keys for authentication. that way people can try w/ passwords as much as they like and sshd will never comply since password authentication will be off. I might be making this last part up :)
jargon
jargon
Lieutenant Colonel
 
Posts: 691
Joined: Mon Oct 13, 2003 9:40 am

Postby abakali » Tue Jan 30, 2007 10:32 pm

best way to secure ssh disable root ssh login and define your own user name to log on the ssh server
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
abakali
Naik
 
Posts: 91
Joined: Wed Jun 01, 2005 5:38 pm

Postby lambda » Tue Jan 30, 2007 10:50 pm

do what jargon says. simply disabling logins as root will not secure your system.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore


Return to “%s” Security

Who is online

Users browsing this forum: No registered users and 1 guest

cron