[wellylug] Securing my ssh box
David Antliff
david.antliff at gmail.com
Wed Aug 23 10:31:08 NZST 2006
On Tue, 22 Aug 2006, Jim Cheetham wrote:
> Also consider deploying something like DenyHosts
> (http://denyhsts.sf.net), which will look at the ssh logs, spot people
> trying to break in, and blacklist them (in tcpwrappers by default),
> which prevents them from connecting to the machine at all. Blacklisting
> is dangerous; you *must* ensure that it will not blacklist your own
> connections, or else you will lose access to the machine.
This utility sounds really handy, even if it's just used for monitoring.
My SSH port gets hammered frequently and although I don't think any
attack has been successful, it makes sense to cut them off early. I looked
into port knocking and this would work quite well except the firewalls I
am often behind are (annoyingly) restricted on outgoing connections so I
can't 'knock' on arbitrary ports.
The FAQ there also has a brief section on making SSH more secure.
Essentially the same as the advice already offered.
http://denyhosts.sourceforge.net/faq.html#1_0 (section A. 1.3)
--
David.
More information about the wellylug
mailing list