[kwlug-disc] Tightening up SSH
kb at 2bits.com
Mon Jul 19 10:09:11 EDT 2010
On Mon, Jul 19, 2010 at 8:37 AM, Johnny Ferguson <hyperflexed at gmail.com> wrote:
> I'm relatively new to SSH, though I've come to love it very quickly.
> Recently I've been seeing a lot of activity in /var/log/auth.log (of the
> sshd sort). Sometimes 5 straight hours of brute force attacks. I've
> currently only whitelisted a single user. While I feel reasonably safe and
> nothing has cracked yet, I live in constant fear of my account getting
> cracked open, at which time it would take no more than:
> sudo rm -rf /
> SO, just wondering what advice anyone could offer on hardening SSH. I might
> be a little paranoid, but I think it's still in the range of being healthy.
> P.S. How do 2 machines determine an encryption key and communicate this to
> each other without giving the key away? Are there any good articles on how
> SSH works and what potential vulnerabilities are?
The single most effective thing you can do to prevent these types of attacks
is run ssh on a non-standard port.
This will stop these automated scans right away.
Edit your sshd config (on Debian/Ubuntu it is in /etc/ssh/sshd_config), and
Restart ssh, and you are done.
This means that those who are logging in to your server need to specify the
new port, so instead of:
ssh myuser@example.com
They should use:
ssh -p2022 myuser@example.com
And for scp, they need to use the -P (upper case) instead.
If that gets tedious they can edit their .ssh/config file and add the port
there for each host.
They can now just use:
ssh ex2 or ssh ex, and ssh will fill in the port and user.
Khalid M. Baheyeldin
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
Simplicity is the ultimate sophistication. -- Leonardo da Vinci
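
The server-side and client-side steps from the message above as a script, added here as an example and not part of the original message. The helper names `set_sshd_port` and `ssh_host_stanza` are hypothetical, the sample config is constructed, and mapping the alias `ex` to example.com is an assumption.

```shell
#!/bin/sh
# Added example: helper names and sample file contents are constructed.

# set_sshd_port FILE PORT
# Make PORT the only Port directive in an sshd_config-style FILE.
set_sshd_port() {
    file=$1
    port=$2
    case $port in
        ''|*[!0-9]*|??????*) echo "port must be 1-5 digits" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # Port is a global keyword, so write it at the top (never inside a
    # trailing Match block) and drop old Port lines, active or commented.
    {
        printf 'Port %s\n' "$port"
        sed -E '/^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+/d' "$file"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    # cat instead of mv keeps the original file's owner and mode.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# ssh_host_stanza ALIAS HOSTNAME USER PORT
# Print a ~/.ssh/config entry so "ssh ALIAS" fills in user and port.
ssh_host_stanza() {
    printf 'Host %s\n    HostName %s\n    User %s\n    Port %s\n' \
        "$1" "$2" "$3" "$4"
}

# Demo on a constructed sample file; the real one is /etc/ssh/sshd_config.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin no' 'Match User backup' \
    '    X11Forwarding no' > "$sample"
set_sshd_port "$sample" 2022 && cat "$sample"
ssh_host_stanza ex example.com myuser 2022
rm -f "$sample"
```

Before restarting sshd, `sshd -t -f /etc/ssh/sshd_config` checks the edited file for syntax errors. Keeping the current session open until a login on the new port succeeds avoids a lockout.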