SSH Bot attack Prevention
Doran L. Barton
fozz at iodynamics.com
Wed Mar 14 11:29:39 MDT 2007
Not long ago, Adam Findley proclaimed...

> So I am getting hit by ssh bots like crazy. It seems that they have
> discovered my ssh server. Anywho, while they are not getting in, they
> are killing my bandwidth. There is this article I found that after 15
> failed attempts it adds your IP to a block list. While this sounds like
> a great solution, it is based on BSD. Does anyone know of a Linux solution?

The absolute best way to avoid being compromised by these bots is to
configure your SSH server (see /etc/ssh/sshd_config) to not accept password
authentication and to only allow users to authenticate using public key
encryption (RSA or DSA).

This is an excellent way of locking down a private system like your home
machine, but not so good for securing a system that many people need SSH

We use DenyHosts (already recommended) on a couple servers that absolutely
have to have SSH accessible publicly and need to allow password
authentication. The new daemon mode is nice. I like it better than running
the script every 20 minutes from cron.
fozz at iodynamics.com is Doran L. Barton, president/CTO, Iodynamics LLC
Iodynamics: IT and Web services by Linux/Open Source specialists
"The Civil War began in 1830. Many soldiers repeatedly gave their lives
for their country. "
-- Seen in a school report
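
Added example, not part of the original message: a small Python check of the sshd_config approach described in the reply above, reporting whether the global section really leaves public key login as the only way in. It assumes stock OpenSSH defaults and no Include files; the function names and both sample configs are constructed for illustration.

```python
# Added example: audit the global section of an sshd_config for key-only login.
# Assumptions: stock OpenSSH defaults, no Include files.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older releases name the keyboard-interactive switch differently.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return (settings, has_match) for the lines before the first Match block."""
    seen, has_match = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split() or [""]
        keyword = ALIASES.get(parts[0].lower(), parts[0].lower())
        if keyword == "match":
            has_match = True  # conditional overrides are not evaluated here
            break
        if keyword in DEFAULTS and len(parts) > 1:
            seen.setdefault(keyword, parts[1].lower())  # sshd keeps the first value
    return {k: seen.get(k, DEFAULTS[k]) for k in DEFAULTS}, has_match

def findings(config_text):
    """List the reasons this config does not enforce key-only authentication."""
    eff, has_match = effective_settings(config_text)
    problems = []
    if eff["passwordauthentication"] != "no":
        problems.append("PasswordAuthentication is not disabled")
    if eff["kbdinteractiveauthentication"] != "no":
        problems.append("keyboard-interactive authentication is not disabled")
    if eff["pubkeyauthentication"] != "yes":
        problems.append("PubkeyAuthentication is off, so key logins would fail")
    if has_match:
        problems.append("Match block present, review its overrides by hand")
    return problems

# Constructed sample inputs, not taken from any real host.
WEAK = "PasswordAuthentication yes\nPasswordAuthentication no\n"
HARDENED = """\
# key-only login
PubkeyAuthentication yes
passwordauthentication no
ChallengeResponseAuthentication no
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, findings(text) or "key-only authentication enforced")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the script is for reviewing a config file offline.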