Hack attempt, best way to secure? - SSH

  1. Hack attempt, best way to secure?

    I've just been looking through my auth logs and notice hundreds of failed
    sshd login attempts over the last week or so. sshd is untweaked so will
    be running standard settings for debian etch. What should I be doing to
    harden sshd to reduce hack success? I've made a note of all the IPs used
    and times of attempts so far but that's all.

    thanks

    Gav

  2. Re: Hack attempt, best way to secure?

    Install and configure fail2ban or a similar package to monitor your
    logs and automatically shut down connections from IP addresses that try
    to hack into your machine.

    --
    Help stop the genocide in Darfur!
    http://www.genocideintervention.net/
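
What a log watcher such as fail2ban does with these auth-log entries, sketched as an added example (not part of the original thread and not fail2ban's own code): count failed sshd logins per source address inside a sliding window and flag the addresses that reach a threshold. The sample lines, the year, and the names `max_retry` and `find_time` are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Debian auth.log format (documentation-range addresses).
SAMPLE_LOG = """\
Feb 25 19:40:01 box sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2
Feb 25 19:40:03 box sshd[2103]: Failed password for root from 203.0.113.5 port 40031 ssh2
Feb 25 19:40:06 box sshd[2105]: Failed password for invalid user test from 203.0.113.5 port 40044 ssh2
Feb 25 19:41:00 box sshd[2110]: Failed password for gav from 198.51.100.20 port 51200 ssh2
Feb 25 20:30:00 box sshd[2190]: Failed password for gav from 198.51.100.20 port 51344 ssh2
Feb 25 20:31:10 box sshd[2195]: Accepted password for gav from 198.51.100.20 port 51350 ssh2
Feb 25 21:20:00 box sshd[2240]: Failed password for invalid user a from 192.0.2.10 from 203.0.113.9 port 6000 ssh2
"""

# The user name is text supplied by the remote side, so anchor on the end of
# the line: the address sshd appended last is the real source.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from (?P<ip>\S+) port \d+ ssh2$"
)

def parse_failure(line, year=2008):
    """Return (timestamp, source_ip) for a failed-password line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    # syslog timestamps carry no year, so the caller supplies one (assumption)
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"]

def find_offenders(log_text, max_retry=3, find_time=600, year=2008):
    """Map each source IP to the time it reached max_retry failures in find_time s."""
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in log_text.splitlines():   # lines are assumed to be in time order
        hit = parse_failure(line, year)
        if hit is None:
            continue
        ts, ip = hit
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_retry:
            offenders.setdefault(ip, ts)
    return offenders
```

With the defaults, a single mistyped password by the legitimate user stays well under the threshold, which is the trade-off the two parameters control.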

  3. Re: Hack attempt, best way to secure?

    Gav writes:

    > I've just been looking through my auth logs and notice hundreds of failed
    > sshd login attempts over the last week or so. sshd is untweaked so will
    > be running standard settings for debian etch. What should I be doing to
    > harden sshd to reduce hack success? I've made a note of all the IPs used
    > and times of attempts so far but that's all.


    Move it off port 22 and you'll see a marked reduction in these script
    kiddie dictionary attacks.

    --
    Todd H.
    http://www.toddh.net/

  4. Re: Hack attempt, best way to secure?

    On Mon, 25 Feb 2008 19:42:29 -0600, Todd H. wrote:

    > Gav writes:
    >
    >> I've just been looking through my auth logs and notice hundreds of
    >> failed sshd login attempts over the last week or so. sshd is untweaked
    >> so will be running standard settings for debian etch. What should I be
    >> doing to harden sshd to reduce hack success? I've made a note of all
    >> the IPs used and times of attempts so far but that's all.
    >
    > Move it off port 22 and you'll see a marked reduction in these script
    > kiddie dictionary attacks.


    And that way, when somebody is trying to connect to your box
    using an ISP that does traffic management, they'll get crappy performance
    or won't be able to connect at all.



  5. Re: Hack attempt, best way to secure?

    Ivar Rosquist writes:

    > On Mon, 25 Feb 2008 19:42:29 -0600, Todd H. wrote:
    >
    >> Gav writes:
    >>
    >>> I've just been looking through my auth logs and notice hundreds of
    >>> failed sshd login attempts over the last week or so. sshd is untweaked
    >>> so will be running standard settings for debian etch. What should I be
    >>> doing to harden sshd to reduce hack success? I've made a note of all
    >>> the IPs used and times of attempts so far but that's all.
    >>
    >> Move it off port 22 and you'll see a marked reduction in these script
    >> kiddie dictionary attacks.
    >
    > And that way, when somebody is trying to connect to your box
    > using an ISP that does traffic management, they'll get crappy performance
    > or won't be able to connect at all.


    s/when/if/

    Comes down to requirements.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/

  6. Re: Hack attempt, best way to secure?

    On 2008-02-26, Gav wrote:
    > I've just been looking through my auth logs and notice hundreds of failed
    > sshd login attempts over the last week or so. sshd is untweaked so will
    > be running standard settings for debian etch. What should I be doing to
    > harden sshd to reduce hack success? I've made a note of all the IPs used
    > and times of attempts so far but that's all.
    >
    > thanks
    >

    Your best course of action is to firewall your box so that ssh is
    only allowed from IP addresses you use. Second best is to at least
    firewall out the addresses you're seeing attacks coming from.

    --
    Christopher Mattern

    NOTICE
    Thank you for noticing this new notice
    Your noticing it has been noted
    And will be reported to the authorities

  7. Re: Hack attempt, best way to secure?

    Chris Mattern wrote:
    > On 2008-02-26, Gav wrote:
    > > I've just been looking through my auth logs and notice hundreds of failed
    > > sshd login attempts over the last week or so. sshd is untweaked so will
    > > be running standard settings for debian etch. What should I be doing to
    > > harden sshd to reduce hack success? I've made a note of all the IPs used
    > > and times of attempts so far but that's all.
    > >
    > > thanks
    > >
    >
    > Your best course of action is to firewall your box so that ssh is
    > only allowed from IP addresses you use. Second best is to at least
    > firewall out the addresses you're seeing attacks coming from.
    >

    I do this and it's cut down the attacks from tens/hundreds a day to
    nil, the 'attacks' I see now are the ones where I mis-type the
    password myself!

    I can still access my system from anywhere as I have a couple of ssh
    login accounts on publicly available systems so I can log in to
    one of those systems from anywhere and thence (because the IP is
    specifically allowed by my firewall) to my home system. It's a tiny
    reduction in security but just about negligible, someone would have to
    break into the hosting ssh system and then know that my home system
    was available from there.

    --
    Chris Green
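
The two firewall policies from post 6, and the jump-host arrangement from post 7, modelled as an added example that is not part of the original thread: it evaluates first-match rules the way an iptables chain does and shows why a blocklist still admits an address that has not been seen yet. All addresses are constructed, and the helper names are hypothetical.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")   # IPv4 only in this sketch

def _rules(sources, action, default):
    # ip_network() is strict by default: "192.0.2.10/24" (host bits set) raises
    # ValueError instead of silently widening the rule to the whole /24.
    return [(ipaddress.ip_network(s), action) for s in sources] + [(ANY, default)]

def allowlist(sources):
    """Post 6, best option: accept only known sources, drop everything else."""
    return _rules(sources, "ACCEPT", "DROP")

def blocklist(sources):
    """Post 6, second best: drop the sources seen attacking, accept the rest."""
    return _rules(sources, "DROP", "ACCEPT")

def decide(rules, source_ip):
    """First matching rule wins, as in an iptables chain."""
    addr = ipaddress.ip_address(source_ip)
    return next((action for net, action in rules if addr in net), "DROP")

def to_iptables(rules, port=22):
    """Render the rules as iptables commands for the sshd port (for review, not applied)."""
    return [f"iptables -A INPUT -p tcp --dport {port} -s {net} -j {action}"
            for net, action in rules]

# Constructed addresses: 192.0.2.10 stands in for the hosted jump system from
# post 7, 203.0.113.5 for an address noted in the auth log.
ALLOW = allowlist(["192.0.2.10"])
BLOCK = blocklist(["203.0.113.5"])
```

Rule order matters when these are applied: the ACCEPT entries must be appended before the final DROP, which is the order `to_iptables` preserves.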
