I must concur:

logwatch --service sshd

is gorgeous. Anyone know how I can get my system to store backups of 
logs? My var partition is quite large, and I wouldn't mind hanging on to 
them. I'm not sure if they're designed to do this automatically, or if I 
have to implement it myself.


On 07/20/2010 11:50 AM, Chris Irwin wrote:
> On Tue, 2010-07-20 at 10:10 -0400, Andrew Kohlsmith (mailing lists
> account) wrote:
>>> Changing the port number probably impacts, and irritates, you more
>>> than anyone else. Particularly with a properly secured port - as the
>>> poster is in the process of ensuring.
> I don't know about anybody else, but I usually connect remotely from the
> same machines: My laptop, and my work desktop. Just throw the hostname
> and port in ~/.ssh/config, and you'll never need to remember you're on a
> non-standard port.
>> I agree; this is why I don't move my ssh off of the standard port.  I put up
>> with the crapflooding, particularly because a) I know nobody's getting in
>> through ssh and b) I never check my logs for ssh attacks anyway.
> I left mine on 22 as well. I installed fail2ban and logwatch to keep an
> eye on things, though. After a few failed logins, fail2ban invokes the
> necessary iptables voodoo to drop connections from that IP.
> logwatch is very handy for analyzing your logs. It does a nice job of
> consolidating info ("22 failed attempts from", instead of having
> 22 lines containing duplicate info). It also displays successful
> connections, though that would probably be of limited use since anybody
> competent would sanitize auth.log...
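
The two behaviours described in the quoted message (per-IP consolidation of failed logins, and a ban after a few failures in a short time) as an added example; it is not part of either message and is not code from logwatch or fail2ban. The log lines are constructed samples in a typical OpenSSH syslog format, `maxretry` mirrors the fail2ban option of that name, `findtime_s` is a hypothetical seconds-based window, and month parsing assumes an English locale.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log lines (documentation-range IPs), not real data.
SAMPLE_LOG = """\
Jul 20 10:01:02 host sshd[1001]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jul 20 10:01:05 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
Jul 20 10:01:09 host sshd[1003]: Failed password for root from 203.0.113.7 port 40024 ssh2
Jul 20 10:05:00 host sshd[1010]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2
Jul 20 10:06:00 host sshd[1011]: Failed password for alice from 198.51.100.9 port 51001 ssh2
Jul 20 11:30:00 host sshd[1012]: Failed password for alice from 198.51.100.9 port 51002 ssh2
Jul 20 13:00:00 host sshd[1013]: Failed password for alice from 198.51.100.9 port 51003 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\d{1,3}(?:\.\d{1,3}){3}) "
)

def parse_failures(text, year=2010):
    """Yield (timestamp, user, ip) for each failed sshd password attempt."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def summarize(text):
    """Consolidated view: one failure count per source IP."""
    counts = defaultdict(int)
    for _, _, ip in parse_failures(text):
        counts[ip] += 1
    return dict(counts)

def ban_candidates(text, maxretry=3, findtime_s=600):
    """Windowed rule: IPs with >= maxretry failures within findtime_s seconds."""
    recent, banned = defaultdict(list), set()
    for ts, _, ip in parse_failures(text):
        # Keep only failures still inside the window, then add this one.
        window = [t for t in recent[ip] if (ts - t).total_seconds() <= findtime_s]
        window.append(ts)
        recent[ip] = window
        if len(window) >= maxretry:
            banned.add(ip)
    return sorted(banned)
```

Both sample addresses have three failures in the consolidated count, but only the one whose failures fall inside the window is flagged.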
