[kwlug-disc] Tightening up SSH

Johnny Ferguson hyperflexed at gmail.com
Tue Jul 20 20:57:24 EDT 2010


I must concur:

logwatch --service sshd

is gorgeous. Anyone know how I can get my system to store backups of 
logs? My var partition is quite large, and I wouldn't mind hanging on to 
them. I'm not sure if they're designed to do this automatically, or if I 
have to implement it myself.

-Johnny

On 07/20/2010 11:50 AM, Chris Irwin wrote:
> On Tue, 2010-07-20 at 10:10 -0400, Andrew Kohlsmith (mailing lists
> account) wrote:
>>> Changing the port number probably impacts, and irritates, you more
>>> than anyone else. Particularly with a properly secured port - as the
>>> poster is in the process of ensuring.
>
> I don't know about anybody else, but I usually connect remotely from the
> same machines: My laptop, and my work desktop. Just throw the hostname
> and port in ~/.ssh/config, and you'll never need to remember you're on a
> non-standard port.
>
>> I agree; this is why I don't move my ssh off of the standard port.  I put up
>> with the crapflooding, particularly because a) I know nobody's getting in
>> through ssh and b) I never check my logs for ssh attacks anyway.
>
> I left mine on 22 as well. I installed fail2ban and logwatch to keep an
> eye on things, though. After a few failed logins, fail2ban invokes the
> necessary iptables voodoo to drop connections from that IP.
>
> logwatch is very handy for analyzing your logs. It does a nice job of
> consolidating info ("22 failed attepts from 1.2.3.4", instead of having
> 22 lines containing duplicate info). It also displays successful
> connections, though that would probably be of limited use since anybody
> competent would sanitize auth.log...
>
>
>
>
> _______________________________________________
> kwlug-disc_kwlug.org mailing list
> kwlug-disc_kwlug.org at kwlug.org
> http://astoria.ccjclearline.com/mailman/listinfo/kwlug-disc_kwlug.org





More information about the kwlug-disc mailing list