Brute-Force SSH Server Attacks Surge -- InformationWeek
Tom Buskey
tom at buskey.name
Fri May 16 09:56:34 EDT 2008
On Thu, May 15, 2008 at 9:47 AM, Bob King <bob.king.1138 at gmail.com> wrote:
>
> Many distros come with ssh installed by default, and often with root access
> allowed by default. I always thought that disabling root access via ssh is a
> good idea, but reading this I would assume it would be a good idea to just
> deactivate password access via ssh all together and limit access to systems
> with keys known to the host. Moving the sshd to a non-standard port would be
> another move, but would that stop more than the most basic tools?
>
> I would be interested in hearing recommendations from other folks on the
> list.
>
Low hanging fruit:
Non standard port
Use AllowedUsers - only allow specific users
DenyUsers - disable all system accounts
RootLogin - disallowed
Run denyhosts or some other black listing app.
reboot your sshd periodically to timeout connections
Disable ping
Harder:
No passwords allowed - must have keys
Allow only specific IPs in
Run in a chroot - you need to ssh tunnel out of it to another port
Setup something like dial back
port knocking
Eliminate every ssh feature you don't need - config or coding
Add another layer of authentication
OTP (one time passwords) - There are ways to do this with a preprinted list
SecureID or something similar
Run a different codebase - not OpenSSH, but lssh, SSH Inc, dropbear, etc
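As an added illustration of the "low hanging fruit" settings above (not code from the thread or its authors), the script below audits an sshd_config for root login, password authentication, the listening port and AllowUsers, printing one line per weak setting. It assumes OpenSSH's "Keyword value" syntax and OpenSSH's documented defaults for absent keywords; the sample configs it checks are constructed for the demonstration.

```shell
#!/bin/sh
# Audit an sshd_config against the settings recommended in the thread.
# Assumed OpenSSH defaults when a keyword is absent: PermitRootLogin
# prohibit-password, PasswordAuthentication yes, Port 22, AllowUsers unset.
# Match blocks are ignored; only the global section is considered.

# In sshd_config the first uncommented occurrence of a keyword wins, so report
# that one and fall back to the supplied default when it is absent.
sshd_opt() {
    awk -v k="$2" -v d="$3" '
        $1 !~ /^#/ && tolower($1) == tolower(k) { print $2; found = 1; exit }
        END { if (!found) print d }' "$1"
}

# Prints one FINDING line per weak setting; prints nothing for a clean config.
audit_sshd_config() {
    cfg=$1
    root=$(sshd_opt "$cfg" PermitRootLogin prohibit-password)
    [ "$root" = no ] || echo "FINDING PermitRootLogin=$root (want: no)"
    pw=$(sshd_opt "$cfg" PasswordAuthentication yes)
    [ "$pw" = no ] || echo "FINDING PasswordAuthentication=$pw (want: no, keys only)"
    port=$(sshd_opt "$cfg" Port 22)
    [ "$port" != 22 ] || echo "FINDING Port=22 (thread suggests a non-standard port)"
    users=$(sshd_opt "$cfg" AllowUsers "")
    [ -n "$users" ] || echo "FINDING AllowUsers unset (restrict to named accounts)"
}

# Constructed sample configs: a typical distro-style default and a hardened one.
write_weak_config() {
    cat > "$1" <<'EOF'
# constructed sample: commented-out keywords fall back to OpenSSH defaults
#PermitRootLogin no
Port 22
PasswordAuthentication yes
EOF
}
write_hardened_config() {
    cat > "$1" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
AllowUsers alice bob
EOF
}

weak=$(mktemp); hard=$(mktemp)
write_weak_config "$weak"; write_hardened_config "$hard"
echo "== weak config =="; audit_sshd_config "$weak"
echo "== hardened config =="; audit_sshd_config "$hard"
rm -f "$weak" "$hard"
```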