[kwlug-disc] Tightening up SSH

Khalid Baheyeldin kb at 2bits.com
Mon Jul 19 10:09:11 EDT 2010

On Mon, Jul 19, 2010 at 8:37 AM, Johnny Ferguson <hyperflexed at gmail.com> wrote:

> I'm relatively new to SSH, though I've come to love it very quickly.
> Recently I've been seeing a lot of activity in /var/log/auth.log (of the
> sshd sort). Sometimes 5 straight hours of brute force attacks. I've
> currently only whitelisted a single user. While I feel reasonably safe and
> nothing has cracked yet, I live in constant fear of my account getting
> cracked open, at which time it would take no more than:
> sudo rm -rf /
> SO, just wondering what advice anyone could offer on hardening SSH. I might
> be a little paranoid, but I think it's still in the range of being healthy.
> -Johnny
> P.S. How do 2 machines determine an encryption key and communicate this to
> each other without giving the key away? Are there any good articles on how
> SSH works and what potential vulnerabilities are?

The single most effective thing you can do to prevent these types of attacks
is run ssh on a non standard port.

This will stop these automated scans right away.

Edit your sshd config (on Debian/Ubuntu it is in /etc/ssh/sshd_config), and

Port 22


Port 2123

Restart ssh, and you are done.

This means that those who are logging in to your server need to specify the
new port, so instead of:

ssh myuser@example.com

They should use:

ssh -p2022 myuser@example.com

And for scp, they need to use the -P (upper case) instead.

If that gets tedious they can edit their .ssh/config file and add the port
there for each host.

Host ex
  HostName example.com
  User myuser
  Port 2123

Host ex2
  HostName test2.example.com
  User otheruser
  Port 2123

They can now just use:

ssh ex2 or ssh ex, and ssh will fill in the port and user.

Khalid M. Baheyeldin
2bits.com, Inc.
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
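Two checks that follow from the thread, as an added example (not code from either poster): a per-source count of failed sshd password attempts from auth.log lines like the ones Johnny describes, and the set of ports a given sshd_config would actually listen on, which catches the case where the old "Port 22" line is left in beside the new one. All log lines and config text are constructed samples.

```python
import re
from collections import Counter

# Added example (not from the thread). Log lines and config below are constructed.

# sshd's "Failed password" lines in auth.log: optional "invalid user", then user, source IP.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def failed_logins_by_source(log_lines):
    """Count failed sshd password attempts per source address, so a run of
    guesses from one host stands out from a single mistyped password."""
    counts = Counter()
    for line in log_lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts

def effective_ports(sshd_config_text):
    """Ports sshd would listen on for this config text.
    sshd honours every Port line, so keeping 'Port 22' while adding
    'Port 2123' still exposes 22. Keywords are case-insensitive,
    '#' starts a comment, and no Port line means the default 22."""
    ports = []
    for raw in sshd_config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0].lower() == "port":
            ports.append(int(parts[1]))
    return ports or [22]

# Constructed auth.log lines using RFC 5737 documentation addresses.
SAMPLE_LOG = [
    "Jul 19 08:01:02 box sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "Jul 19 08:01:05 box sshd[1201]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2",
    "Jul 19 08:01:09 box sshd[1203]: Failed password for root from 203.0.113.5 port 51251 ssh2",
    "Jul 19 08:02:11 box sshd[1210]: Failed password for myuser from 198.51.100.7 port 40022 ssh2",
    "Jul 19 08:02:30 box sshd[1210]: Accepted publickey for myuser from 198.51.100.7 port 40022 ssh2",
]

# Constructed sshd_config fragment: the old Port line left in place, new one added.
SAMPLE_CONFIG = "Port 22\nPort 2123   # moved here\nPermitRootLogin no\n"

if __name__ == "__main__":
    for ip, n in failed_logins_by_source(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} failed password attempts")
    print("sshd would listen on:", effective_ports(SAMPLE_CONFIG))
```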