Topic: SSH Access Attempts

[Craig Cabrey]

Simple question,
Is it possible to block a specific IP address? I have hundreds of entries in my sshd log file for an IP 210.205.6.42 (according to a few IP locators, South Korea O_o). 
Good thing I have a strong password and root access is denied! 
Thanks,Craig

[mmccarn]

You should be able to block all ssh access at the iptables level using

Code: [Select]

config setprop sshd DenyHosts 210.205.6.42
signal-even remoteaccess-update
Personally, I move SSH from port 22 to another port - which isn't a real security fix, but has eliminated all the ssh attack entries in my log files for the last 3 years.

Alternatively, the Denyhosts contrib automatically blocks any host that fails too many attempts to login to ssh.

[cactus]

You should be able to block all ssh access at the iptables level using

Code: [Select]

config setprop sshd DenyHosts 210.205.6.42
signal-even remoteaccess-update
Personally, I move SSH from port 22 to another port - which isn't a real security fix, but has eliminated all the ssh attack entries in my log files for the last 3 years.

Alternatively, the Denyhosts contrib automatically blocks any host that fails too many attempts to login to ssh.

The most secure alternative, not mentioned here so far is to use a public-private key pair, which is described here: http://wiki.contribs.org/SSH_Public-Private_Keys

[versa]

This might be worth a try also'
http://wiki.contribs.org/Denyhosts

[milaweb]

Another solution: Only SSH from the inside of your network, and then use VPN to get in there......

[Craig Cabrey]

Thanks everyone,
I have since generated a key pair and disabled password authentication.
However, I will also investigate the denyhosts contrib as I seemed to have missed that. But as of right now, all attacks have stopped.

Thanks again
Craig

[Stefano]

Another solution: Only SSH from the inside of your network, and then use VPN to get in there......

just to clarify: ssh security is far better than pptp vpn one..

so is better a ssh tunnel than a vpn.. even if the last is easier to configure

Ciao
Stefano

[beakersloco]

Another solution: Only SSH from the inside of your network, and then use VPN to get in there......

+1
I was going to say this also, this way the person has to know a login/password to get in via VPN then also has to know the password to login via ssh from inside your network to get to your network. Disable SSh access from outside your network.

If you need access to stuff then simply make ftp into the machine.

[CharlieBrady]

+1
I was going to say this also, this way the person has to know a login/password to get in via VPN then also has to know the password to login via ssh from inside your network to get to your network.

In other words, all they need is a login/password, so this is no more secure than just enabling SSH password access in the first place.

[cactus]

In other words, all they need is a login/password, so this is no more secure than just enabling SSH password access in the first place.

Hence my plea for private/public keys, which the OP seems to have implemented.

[Craig Cabrey]

Hence my plea for private/public keys, which the OP seems to have implemented.

Yes, I have and they are working well. It has the added benefit of not worrying about sending passwords over the internet (even though they are encrypted).
Craig