Wednesday - October 20, 2004
stopping ssh hack attempts

I get a daily security e-mail from my web server alerting me to failed login attempts and other security issues and in the past few weeks (months?) I’ve been getting tens if not hundreds of failed attempts to login to my server. At first I thought I could resolve the issue by blocking the IP addresses in /etc/hosts.allow for the SSH server, but the attempts continued unabated.

I looked online for solutions and found a few sites mentioning the problem, but none of them had solutions I liked.

My solution was to first turn off root logins by setting the

PermitRootLogins no

in /etc/ssh/sshd_config. I should have done that a long time ago, but I hadn’t thought of it until now. My second step was to only allow logins from one group. It’s not ultra-secure and I’m sure there are better ways, but that limits the number of users I have to keep track of who have access to my machine, and for now that’s good enough for me.

I found several other links related to this issue which I’ve included here for your perusal.

Unix Girl
Unix Girl 2
Seclists.org
Linode.com
Drinsama.de
Verbum.org
Sans.org
Heal your church







# of readers
- home
meta
comics
news links
other links

about me
blog archives
docs
entertainment
experiences
funny lists
humor
intellectual
interests
mefi
music
opinions
photos
web designs
tools
webmaster help

Sign up
Enter your e-mail address to be notified of new posts



Search blog archives

Calendar
October 2004
S M T W T F S
« Sep   Nov »
 12
3456789
10111213141516
17181920212223
24252627282930
31  



Random quote
(View all quotes)
"A dull pencil is better than a sharp mind."










Licensed under Creative Commons
(?) Choose theme:  X X X X X X


W3CCSS
Loaded in 0.1088 seconds