Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Quail_Linux on July 26, 2005, 12:14:24 PM

Title: [Howto] block SSH Attacks
Post by: Quail_Linux on July 26, 2005, 12:14:24 PM

The SSH attacks that are doing the rounds have already been mentioned here a number of times in the past.

Nice perl script here to counter the problem :
http://www.lumiere.net/~j/login_sentry/

# description:
# Perl daemon that automatically adds hosts that \
# repeatedly fail ssh login attempts to /etc/hosts.deny.

Title: [Howto] block SSH Attacks
Post by: Brenno on July 26, 2005, 03:38:15 PM

Seems like a great tool!  Anybody tried this yet?  (I hate being the first to get my feet wet as I'm not the best "swimmer" when it comes to fixing problems!)

Title: [Howto] block SSH Attacks
Post by: BrunoGarin on July 26, 2005, 10:10:38 PM

Hummm ... ???

I don't know if this is very usefull because on SME the hosts.deny files is already fermely closed

all: all

What do you need more ... ?

Title: Re: [Howto] block SSH Attacks
Post by: gordonr on July 27, 2005, 03:17:11 AM

Quote from: "Quail_Linux"

# Perl daemon that automatically adds hosts that \
# repeatedly fail ssh login attempts to /etc/hosts.deny.

- Only use SSH public key authentication - avoid password authentication
- Use SSH protocol version 2
- Limit the hosts which can access the SSH port to only those ones you care about:

http://forums.contribs.org/index.php?topic=27855.msg115824#msg115824

- Active intervention scripts, such as the one above, have been known to provide avenues for denial of service.

Title: [Howto] block SSH Attacks
Post by: mackayr on July 29, 2005, 05:13:01 PM

I'd like to secure my SSH port to those that are in a particular range.  What is the syntax for this?  For example, say that I want to allow access from any user in the range XXX.XXX.XXX.5 - XXX.XXX.XXX.58.  How would this be written (aside from making each entry separately).

Thanks,

Rob