How to secure the SSH login @ my Linux box

Protecting your Linux box
Post Reply
hyperlinux
Lance Naik
Posts: 27
Joined: Thu Nov 09, 2006 10:47 pm
Location: Karachi
Contact:

How to secure the SSH login @ my Linux box

Post by hyperlinux »

Assalam u Alaikum
i have problem in my linux SSH server peoplez try to login to server through ssh. How i want to block those attempts? if some buddy tries for 3rd time wrong password the linux block its IP like that. ... . . :)
can any budy u guyz help me out in this regard
Thnx
Muhammad Amir Iqbal
WireOnn Network
http://www.wireonn.com
Contact # +92-345-2089773

Register Linux User #435086
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Re: How to secure the SSH login @ my Linux box

Post by lambda »

if you want to block the ip after the third attempt, you can run a script that does "tail -F /var/log/secure.log" (or whatever the log file with the ssh attempts is called), and when it matches against an ip three times in, say, a minute, it can run "iptables -A INPUT -s ip.add.re.ss -j REJECT" or something.

it might help to age out old entries from the input chain every so often, too.

i could write it for you, but you need the exercise. use your brain!
hyperlinux
Lance Naik
Posts: 27
Joined: Thu Nov 09, 2006 10:47 pm
Location: Karachi
Contact:

Thanx lambada

Post by hyperlinux »

thnx for u r quick reply i understand that u sey but can i do this in /etc/ssh/sshd.conf file and what abt. the knocking script what u suggest
Muhammad Amir Iqbal
WireOnn Network
http://www.wireonn.com
Contact # +92-345-2089773

Register Linux User #435086
Saad Khan
Company Havaldaar Major
Posts: 155
Joined: Sun Jun 11, 2006 6:19 pm
Location: Karachi

Post by Saad Khan »

check out this link to block ssh brute forcing attacks
http://www.csc.liv.ac.uk/~greg/sshdfilter/
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Re: Thanx lambada

Post by lambda »

hyperlinux wrote:but can i do this in /etc/ssh/sshd.conf file
no, you can't.
what abt. the knocking script what u suggest
the one you write yourself. don't want to write one? use the package saad khan suggested.

you'll be a better person if you try to write one yourself, though.
jargon
Lieutenant Colonel
Posts: 691
Joined: Mon Oct 13, 2003 9:40 am

Post by jargon »

I would also disable any root logins and turn off password authentication and use keys for authentication. that way people can try w/ passwords as much as they like and sshd will never comply since password authentication will be off. I might be making this last part up :)
jargon
abakali
Naik
Posts: 91
Joined: Wed Jun 01, 2005 5:38 pm

Post by abakali »

best way to secure ssh disable root ssh login and define your own user name to log on the ssh server
Asif Bakali !
Feel free to contact me (flames about my english and the useless of this driver will be redirected to /dev/null, oh no, it's full...).
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

do what jargon says. simply disabling logins as root will not secure your system.
Post Reply