Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: holck on November 30, 2010, 11:44:58 PM
-
I have my host accessible for administration from external IP addresses, but as an unfortunate consequence of this I often experience ssh break-in attempts, where some external machine tries lots of different user names and passwords.
I would like some feature like this script (http://www.pettingers.org/code/sshblack.html), that automatically black-lists outside hosts after a number of failed login attempts. Has anyone installed something like that on an SME-server?
Jesper, Denmark
-
holck
Why don't you set up public/private key access for ssh, see the Howto. That way it can be accessed from anywhere (that has the key) but is very safe & hackers will be unable to crack it. If you are roaming/travelling, you can carry the key file on a USB stick.
Alternatively you can specify the remote host IPs that are allowed to access via ssh, using db commands, see the FAQ.
-
Another option is to set the ssh port to a nonstandard port number. It makes it harder to find.
-
I would like some feature like this script (http://www.pettingers.org/code/sshblack.html), that automatically black-lists outside hosts after a number of failed login attempts. Has anyone installed something like that on an SME-server?
Look at the denyhosts contrib: http://wiki.contribs.org/Denyhosts. It does exactly what you want.
Regards, Daniel
-
Thank you very much, Daniel, you are quite right!
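-
The idea discussed in this thread, black-listing a host after a number of failed ssh logins, shown as an added example that is not part of the original thread and is not the code of sshblack or DenyHosts. The log lines, threshold, allowlist and function names are constructed for illustration, and the output is assumed to go into a TCP wrappers hosts.deny file.

```python
import re
from collections import Counter

# Constructed sample lines in the style of sshd auth-log entries.
SAMPLE_LOG = """\
Nov 30 23:01:12 sme sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Nov 30 23:01:15 sme sshd[2213]: Failed password for root from 203.0.113.7 port 40120 ssh2
Nov 30 23:01:19 sme sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Nov 30 23:02:40 sme sshd[2290]: Failed password for jesper from 198.51.100.20 port 51000 ssh2
Nov 30 23:02:52 sme sshd[2290]: Accepted password for jesper from 198.51.100.20 port 51000 ssh2
Nov 30 23:03:05 sme sshd[2301]: Failed password for invalid user x from 192.0.2.99 from 203.0.113.50 port 40200 ssh2
Nov 30 23:03:09 sme sshd[2303]: Failed password for root from 192.0.2.55 port 3301 ssh2
Nov 30 23:03:11 sme sshd[2305]: Failed password for root from 192.0.2.55 port 3302 ssh2
Nov 30 23:03:14 sme sshd[2307]: Failed password for root from 192.0.2.55 port 3303 ssh2
""".splitlines()

# The user name is chosen by the remote side, so it may itself contain
# "from <address>". Anchoring on the end of the line makes the parser take
# the address sshd appended, not one embedded in the user name.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def failed_counts(lines):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m:
            counts[m.group(1)] += 1
    return counts

def hosts_to_block(lines, threshold=3, allowlist=()):
    """Addresses at or over the threshold, minus the admin's own addresses."""
    counts = failed_counts(lines)
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allowlist)

def deny_entries(ips):
    """Format addresses as hosts.deny lines (assumed target file)."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    # 192.0.2.55 stands in for an administrator's known address.
    blocked = hosts_to_block(SAMPLE_LOG, allowlist={"192.0.2.55"})
    print("\n".join(deny_entries(blocked)))
```

The allowlist matters on a host administered remotely: without it, a few mistyped passwords from the administrator's own address would lock that address out.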