[ale] ssh brute-force

JD jdp at algoloma.com
Mon Feb 17 09:37:21 EST 2014


Securing ssh:
http://blog.jdpfu.com/2011/08/23/securing-ssh-connections-and-blocking-failures

The short version is:
* only allow key-based logins, never passwords
* use denyhosts or fail2ban
* change to a non-default port (any will do) - use port translation at the
router to make life easier, NOT on the server itself.
* do not allow direct root logins over ssh, even on the LAN.

On 02/17/2014 08:51 AM, Lightner, Jeff wrote:
> The reason why changing the port drops hits to near zero even if someone is doing a port scan is that the port scan doesn't tell them the port is ssh - just that it is open. Of course doing a telnet to an open port might reveal that.
> 
> The fail2ban idea is a good one.  So is using the high number but you CAN do nmap for high numbers - most people just don't.  Security is all about hardening so the bad guys move on to easier targets.  Nothing is really going to stop the determined folks specifically targeting you but it will keep out most of the hit and run types and script kiddies.
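
An added example, not part of the original post or the linked blog: a small audit of sshd_config text against the key-only and no-root-login items in the short list above. The sample configs are constructed, the function names are hypothetical, and `Match` blocks and `Include` files are assumed out of scope.

```python
import re

# Values the checklist requires. A keyword missing from the file is a finding:
# none of these defaults to the required value in OpenSSH's sshd.
REQUIRED = {
    "passwordauthentication": "no",        # key-based logins only
    "kbdinteractiveauthentication": "no",  # PAM can still prompt for a password here
    "permitrootlogin": "no",               # no direct root logins, even on the LAN
}
# Older spelling of the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Port is deliberately not checked: the list above moves the port at the router.

def effective_settings(config_text):
    """Global-section values as sshd reads them: the first occurrence wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional blocks need a manual review
        keyword = ALIASES.get(keyword, keyword)
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # later duplicates are ignored
    return settings

def audit(config_text):
    """Return one finding per required setting that is missing or wrong."""
    settings = effective_settings(config_text)
    return [f"{k}: {settings.get(k, 'unset')} (want {want})"
            for k, want in REQUIRED.items() if settings.get(k, "unset") != want]

# Constructed sample: hardening appended at the bottom loses to the earlier line.
WEAK = """\
Port 22
PasswordAuthentication yes
PermitRootLogin without-password
# added later, never takes effect:
PasswordAuthentication no
"""
# Constructed sample that satisfies the checklist items checked here.
HARDENED = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "ok")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this sketch only reads the file text.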


