[kwlug-disc] Tightening up SSH

Paul Nijjar paul_nijjar at yahoo.ca
Mon Jul 19 13:10:54 EDT 2010


On Mon, Jul 19, 2010 at 08:37:38AM -0400, Johnny Ferguson wrote:
> I'm relatively new to SSH, though I've come to love it very quickly.
>
> Recently I've been seeing a lot of activity in /var/log/auth.log (of the  
> sshd sort). Sometimes 5 straight hours of brute force attacks. I've  
> currently only whitelisted a single user. While I feel reasonably safe  
> and nothing has cracked yet, I live in constant fear of my account  
> getting cracked open, at which time it would take no more than:
>
> sudo rm -rf /
>
> SO, just wondering what advice anyone could offer on hardening SSH. I  
> might be a little paranoid, but I think it's still in the range of being  
> healthy.

I agree with the other advice, but one easy solution you can use in
addition is the "denyhosts" program. This will help lock out some of
the SSH worms from hammering at your door. 

This is probably less effective than changing your SSH port, but
nothing says that you have to choose just one or the other.
Personally, I deny root logins, explicitly list accounts or groups
that have SSH access, and use DenyHosts. Also I try to avoid running
SSH servers if I don't need them, and I especially try to prevent them
from being exposed to the wider internet. I probably should implement
some of the other good advice on this thread, as well. 

Also, there is exactly nothing that is paranoid about hardening your
SSH security. I have had a fresh installation hacked in a weekend with
a combination of a worm and a weak username/password combo. 

- Paul


-- 
http://pnijjar.freeshell.org
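
Added example, not part of Paul's message: a check of an sshd_config for two of the settings he lists (root logins denied, accounts or groups explicitly listed). The function names and both sample configs are constructed for illustration.

```python
import re

# Constructed sample configs, not taken from any real host.
WEAK = """\
Port 22
PermitRootLogin yes
PermitRootLogin no
Match Address 192.0.2.0/24
    AllowUsers alice
"""
HARDENED = """\
permitrootlogin no
AllowGroups sshusers
"""

# "Keyword value" or "Keyword=value"; comments and blank lines do not match.
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def global_settings(text):
    """Global-section settings as {lowercased keyword: value}.

    Keywords are case-insensitive, the first value read for a keyword is
    the one kept, and a Match line ends the global section.
    """
    settings = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings

def audit(text):
    """Return a list of findings; an empty list means both checks pass."""
    s = global_settings(text)
    findings = []
    root = s.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin not set; the build default applies")
    elif root.lower() != "no":
        findings.append(f"PermitRootLogin is {root!r}, expected 'no'")
    if "allowusers" not in s and "allowgroups" not in s:
        findings.append("no global AllowUsers/AllowGroups allow-list")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "ok")
```

In the WEAK sample the second PermitRootLogin line and the AllowUsers line inside the Match block do not change the global result, which is why both checks fail there.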