protecting ssh?

Post by Capt.Obvious » Fri Oct 27, 2006 5:52 am

Greetings folks, thanks for taking the time to read this...

I have a number of Gentoo boxes with only the sshd daemon exposed to the Internet. Now, we all know how people love to run scripts and hammer SSHD... a while ago I saw a PAM plug-in that would essentially blacklist an IP address on some configurable parameters (>3 attempts failed in 10 seconds, etc.)...

What strategies do you use to protect SSHd? (Please keep in mind I log into these boxes from virtually anywhere, so IP masking them through my firewall isn't really an option...) Some good tricks? PAM options?

Thank you for your time.
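
The blacklisting rule described in the post above (more than 3 failed attempts in 10 seconds), written out as a sliding-window check over sshd log lines. This is an added example, not part of the original post and not the code of any tool named in the thread; the log lines, host name and addresses are constructed, and the syslog line format is assumed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines; addresses are from documentation ranges.
SAMPLE_LOG = """\
Oct 27 05:50:01 box sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 27 05:50:03 box sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Oct 27 05:50:04 box sshd[4105]: Failed password for invalid user test from 203.0.113.7 port 40121 ssh2
Oct 27 05:50:06 box sshd[4107]: Failed password for root from 203.0.113.7 port 40125 ssh2
Oct 27 05:51:10 box sshd[4120]: Failed password for bobby from 198.51.100.20 port 51514 ssh2
Oct 27 05:51:30 box sshd[4122]: Accepted publickey for bobby from 198.51.100.20 port 51520 ssh2
Oct 27 05:53:00 box sshd[4130]: Failed password for bobby from 198.51.100.20 port 51600 ssh2
"""

# Anchored at both ends: the address is taken from the tail of the line,
# which sshd writes itself.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$"
)

def find_offenders(log_text, max_failures=3, window_seconds=10, year=2006):
    """Return {ip: time of the failure that pushed it over the threshold}."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) > max_failures:
            offenders.setdefault(ip, when)
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} exceeded the limit at {when:%H:%M:%S}")
```

The second address fails twice, almost two minutes apart, so a mistyped password from a legitimate user stays under the limit.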

Post by elgato319 » Fri Oct 27, 2006 6:38 am

I use denyhosts (it's in portage) to protect my ssh. Works like a charm.

Or you can use public key authentication
http://gentoo-wiki.com/SECURITY_SSH_without_a_password

Post by Janne Pikkarainen » Fri Oct 27, 2006 10:08 am

I prefer fail2ban.
Yes, I'm the man. Now it's your turn to decide if I meant "Yes, I'm the male." or "Yes, I am the Unix Manual Page.".

Post by DooMi » Fri Oct 27, 2006 11:18 am

Janne Pikkarainen wrote: I prefer fail2ban.
just installed it, works like a bitch.
tip of the week :mrgreen:
cyrex ~ # ./vpenis
--- Weeee! Congrats! Your VPenis is actually 356.8 cm long ---

Post by Janne Pikkarainen » Fri Oct 27, 2006 11:21 am

DooMi wrote: just installed it, works like a bitch.
Metaphor of the week. 8)
Yes, I'm the man. Now it's your turn to decide if I meant "Yes, I'm the male." or "Yes, I am the Unix Manual Page.".

Post by bigbob73 » Fri Oct 27, 2006 11:55 am

Disable password logins and root logins and use keys. Also, I move mine to a non-standard port.
A computers attention span is only as long as it's electrical cord (Murphy)

Post by Capt.Obvious » Fri Oct 27, 2006 1:21 pm

Thanks! I'll go try some of that...

Post by batistuta » Fri Oct 27, 2006 1:49 pm

Could some of you guys post your ssh configuration file to check? Thanks!

Post by bigbob73 » Sun Oct 29, 2006 11:07 pm

batistuta wrote: could some of you guys post your ssh configuration file to check? Thanks!
Port 2752
Protocol 2
ServerKeyBits 2048
SyslogFacility AUTH
LogLevel DEBUG
LoginGraceTime 30
PermitRootLogin no
RSAAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
Compression yes
KeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 4
AllowUsers bobby sftp-dads
Subsystem sftp /usr/lib/misc/sftp-server
A computers attention span is only as long as it's electrical cord (Murphy)
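
A way to check a configuration like the one posted above against the settings recommended in this thread (keys only, no password or root logins). This is an added example, not part of the original post; the policy table and the function names are assumptions of the example, and the second sample file is constructed.

```python
# The settings recommended in the thread; treating these values as the
# policy is this example's assumption, not an official baseline.
POLICY = {
    "passwordauthentication": "no",
    "permitrootlogin": "no",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
}

def global_settings(config_text):
    """Parse the global section the way sshd reads it: keywords are
    case-insensitive and the first value seen for a keyword is kept."""
    settings = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "match":      # everything below is conditional
            break
        settings.setdefault(keyword, value)
    return settings

def audit(config_text):
    """Return (keyword, found, expected) for each setting that misses the
    policy; found is None when the file leaves it to the built-in default."""
    settings = global_settings(config_text)
    findings = []
    for keyword, expected in POLICY.items():
        found = settings.get(keyword)
        if found is None or found.lower() != expected:
            findings.append((keyword, found, expected))
    return findings

# Lines taken from the configuration posted above.
POSTED = """\
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
"""

# Constructed counter-example: the later "no" never takes effect.
DRIFTED = """\
passwordauthentication yes
PermitRootLogin no
PasswordAuthentication no
Match User sftp-dads
    PermitEmptyPasswords no
"""
```

`audit(POSTED)` returns no findings, while `audit(DRIFTED)` reports password logins as still enabled, because the first `PasswordAuthentication` line wins and the line under `Match` only applies to that user.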