stopping ssh hack attempts

I get a daily security e-mail from my web server alerting me to failed login attempts and other security issues, and in the past few weeks (months?) I’ve been getting tens if not hundreds of failed attempts to log in to my server. At first I thought I could resolve the issue by blocking the IP addresses in /etc/hosts.allow for the SSH server, but the attempts continued unabated.

I looked online for solutions and found a few sites mentioning the problem, but none of them had solutions I liked.

My solution was to first turn off root logins by setting

PermitRootLogin no

in /etc/ssh/sshd_config. I should have done that a long time ago, but I hadn’t thought of it until now. My second step was to only allow logins from one group. It’s not ultra-secure and I’m sure there are better ways, but that limits the number of users I have to keep track of who have access to my machine, and for now that’s good enough for me.
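The two steps above can be checked mechanically. The following is an added example, not code from the original post: it audits the global section of an sshd_config for a disabled root login and a group restriction, and flags a misspelled keyword such as PermitRootLogins, which sshd would refuse to load. The group name sshusers and the sample file are constructed for illustration.

```python
import re

# Constructed sample config (not the author's file); "sshusers" is hypothetical.
SAMPLE_CONFIG = """\
# constructed sample
Port 22
PermitRootLogins no
permitrootlogin yes
AllowGroups sshusers
Match Address 192.0.2.0/24
    PermitRootLogin no
"""

KNOWN = ("permitrootlogin", "allowgroups")  # the keywords this audit covers


def audit(text):
    """Return (effective, findings) for the global section of an sshd_config."""
    effective = {"permitrootlogin": None, "allowgroups": []}
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; "Key value" and "Key=value" both parse.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # Match blocks are conditional; audit global settings only
        if key == "permitrootlogin":
            # sshd keeps the first value it obtains for this keyword
            if effective[key] is None:
                effective[key] = value.lower()
        elif key == "allowgroups":
            effective[key].extend(value.split())  # repeated lines accumulate
        elif any(key.startswith(k) for k in KNOWN):
            findings.append(f"line {n}: unknown keyword '{parts[0]}' (typo?)")
    if effective["permitrootlogin"] != "no":
        findings.append("root login is not disabled (want: PermitRootLogin no)")
    if not effective["allowgroups"]:
        findings.append("no AllowGroups restriction in the global section")
    return effective, findings


if __name__ == "__main__":
    settings, problems = audit(SAMPLE_CONFIG)
    print(settings)
    for p in problems:
        print("FINDING:", p)
```

Running `sshd -t` before restarting the daemon checks the real file for syntax errors such as an unknown keyword.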

I found several other links related to this issue which I’ve included here for your perusal.

Unix Girl
Unix Girl 2
Seclists.org
Linode.com
Drinsama.de
Verbum.org
Sans.org
Heal your church







Licensed under Creative Commons