[kwlug-disc] Tightening up SSH

Johnny Ferguson hyperflexed at gmail.com
Mon Jul 19 08:37:38 EDT 2010


I'm relatively new to SSH, though I've come to love it very quickly.

Recently I've been seeing a lot of activity in /var/log/auth.log (of the 
sshd sort). Sometimes 5 straight hours of brute force attacks. I've 
currently only whitelisted a single user. While I feel reasonably safe 
and nothing has cracked yet, I live in constant fear of my account 
getting cracked open, at which time it would take no more than:

sudo rm -rf /

So, just wondering what advice anyone could offer on hardening SSH. I 
might be a little paranoid, but I think it's still in the range of being 
healthy.

-Johnny

P.S. How do 2 machines determine an encryption key and communicate this 
to each other without giving the key away? Are there any good articles on 
how SSH works and what the potential vulnerabilities are?



