How to secure the SSH login @ my Linux box

Protecting your Linux box
hyperlinux
Lance Naik
Posts: 27
Joined: Thu Nov 09, 2006 10:47 pm
Location: Karachi
Contact:

How to secure the SSH login @ my Linux box

Postby hyperlinux » Sun Jan 28, 2007 6:41 pm

Assalam u Alaikum
i have problem in my linux SSH server peoplez try to login to server through ssh. How i want to block those attempts? if some buddy tries for 3rd time wrong password the linux block its IP like that. ... . . :)
can any budy u guyz help me out in this regard
Thnx
Muhammad Amir Iqbal
WireOnn Network
http://www.wireonn.com
Contact # +92-345-2089773

Register Linux User #435086

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Re: How to secure the SSH login @ my Linux box

Postby lambda » Sun Jan 28, 2007 7:26 pm

if you want to block the ip after the third attempt, you can run a script that does "tail -F /var/log/secure.log" (or whatever the log file with the ssh attempts is called), and when it matches against an ip three times in, say, a minute, it can run "iptables -A INPUT -s ip.add.re.ss -j REJECT" or something.

it might help to age out old entries from the input chain every so often, too.

i could write it for you, but you need the exercise. use your brain!

hyperlinux
Lance Naik
Posts: 27
Joined: Thu Nov 09, 2006 10:47 pm
Location: Karachi
Contact:

Thanx lambada

Postby hyperlinux » Mon Jan 29, 2007 12:59 am

thnx for u r quick reply i understand that u sey but can i do this in /etc/ssh/sshd.conf file and what abt. the knocking script what u suggest
Muhammad Amir Iqbal

WireOnn Network

http://www.wireonn.com

Contact # +92-345-2089773



Register Linux User #435086

Saad Khan
Company Havaldaar Major
Posts: 155
Joined: Sun Jun 11, 2006 6:19 pm
Location: Karachi

Postby Saad Khan » Mon Jan 29, 2007 5:13 pm

check out this link to block ssh brute forcing attacks
http://www.csc.liv.ac.uk/~greg/sshdfilter/

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Re: Thanx lambada

Postby lambda » Mon Jan 29, 2007 8:02 pm

hyperlinux wrote:but can i do this in /etc/ssh/sshd.conf file
no, you can't.

what abt. the knocking script what u suggest
the one you write yourself. don't want to write one? use the package saad khan suggested.

you'll be a better person if you try to write one yourself, though.

jargon
Lieutenant Colonel
Posts: 691
Joined: Mon Oct 13, 2003 9:40 am

Postby jargon » Tue Jan 30, 2007 11:02 am

I would also disable any root logins and turn off password authentication and use keys for authentication. that way people can try w/ passwords as much as they like and sshd will never comply since password authentication will be off. I might be making this last part up :)
jargon

abakali
Naik
Posts: 91
Joined: Wed Jun 01, 2005 5:38 pm

Postby abakali » Tue Jan 30, 2007 10:32 pm

best way to secure ssh disable root ssh login and define your own user name to log on the ssh server
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Tue Jan 30, 2007 10:50 pm

do what jargon says. simply disabling logins as root will not secure your system.


Return to “Security”

Who is online

Users browsing this forum: No registered users and 1 guest