SSH Bot attack Prevention

Doran L. Barton fozz at iodynamics.com
Wed Mar 14 11:29:39 MDT 2007


Not long ago, Adam Findley proclaimed...
> So I am getting hit by ssh bots like crazy. It seems that they have
> discovered my ssh server.  Anywho, while they are not getting in, they
> are killing my bandwidth.  There is this article I found that after 15
> failed attempts it adds your IP to a block list.  While this sounds like
> a great solution, it is based on BSD.  Does anyone know of a Linux solution?

The absolute best way to avoid being compromised by these bots is to
configure your SSH server (see /etc/ssh/sshd_config) to not accept password
authentication and to only allow users to authenticate using public key
encryption (RSA or DSA). 

    PasswordAuthentication  no

This is an excellent way of locking down a private system like your home
machine, but not so good for securing a system that many people need SSH
access to. 

We use DenyHosts (already recommended) on a couple servers that absolutely
have to have SSH accessible publicly and need to allow password
authentication. The new daemon mode is nice. I like it better than running
the script every 20 minutes from cron.

-=Fozz

-- 
fozz at iodynamics.com is Doran L. Barton, president/CTO, Iodynamics LLC
Iodynamics: IT and Web services by Linux/Open Source specialists
 "The Civil War began in 1830. Many soldiers repeatedly gave their lives
  for their country. "
    -- Seen in a school report
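
An added example, not part of the original message: a Python check that the `PasswordAuthentication no` setting mentioned above is actually in effect. It goes beyond that single line by also flagging keyboard-interactive authentication and `Match` blocks. It assumes upstream OpenSSH defaults and does not follow `Include` files; the `audit_sshd_config` name and the sample config are constructed for illustration.

```python
import re

# Upstream OpenSSH defaults when a keyword is absent (assumption: distro builds may differ).
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
# ChallengeResponseAuthentication is the older name for KbdInteractiveAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def audit_sshd_config(text):
    """Return findings for settings that still allow password-style logins."""
    global_opts, match_hits, current_match = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            current_match = value          # every later line belongs to this block
        elif key in DEFAULTS:
            if current_match is None:
                # In the global section the first value obtained wins.
                global_opts.setdefault(key, value.lower())
            elif value.lower() == "yes":
                # A Match block overrides the global value for matching clients.
                match_hits.append((lineno, current_match, key))
    findings = []
    for key in sorted(DEFAULTS):
        if global_opts.get(key, DEFAULTS[key]) == "yes":
            source = "set" if key in global_opts else "default"
            findings.append(f"global {key}=yes ({source})")
    for lineno, cond, key in match_hits:
        findings.append(f"line {lineno}: Match {cond} sets {key}=yes")
    return findings

# Constructed sample config (not from the original message).
SAMPLE = """\
# sshd_config excerpt
PasswordAuthentication no
PasswordAuthentication yes
UsePAM yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    # With PAM enabled, keyboard-interactive can still prompt for a password,
    # so it is reported even though PasswordAuthentication is "no" globally.
    for finding in audit_sshd_config(SAMPLE):
        print(finding)
```
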