Securing SSH on dockstar/Debian

Posted by exenew 
Securing SSH on dockstar/Debian
December 20, 2011 09:15AM
Is there a simple guide to securing SSH on Debian/dockstar? Like disabling ssh from any host after a couple of failed attempts, or any other solution to help with this..

One thing that comes to my mind is to change the default port 22 to something else...

I noticed a couple of days ago that the light on my modem kept blinking at an unusual time... After a little check on the router and then on the dockstar I found that somewhere on the internet someone was trying to get through SSH on my dockstar. I went to the dockstar and did netstat -np and connections just kept coming. It was also making the dockstar CPU go to a constant 5%... So for now I disabled port forwarding on my router, but I am looking for some other solution - if any.
Re: Securing SSH on dockstar/Debian
December 20, 2011 02:07PM
Well - sure - you can change ssh to listen on a different port.

I also recommend either:

PermitRootLogin without-password
or
PermitRootLogin no


As well - you should be running fail2ban or similar.

Consider whitelisting hosts that need to connect to ssh and using iptables to block all others.

PHT
Re: Securing SSH on dockstar/Debian
December 20, 2011 02:14PM
I think you should do the following:
* change the port
* disallow root logins
* disable password logins (use key files)
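
The settings recommended in the two replies above can be checked mechanically. The script below is an added example, not code from any poster in this thread: it audits an `sshd_config` for the port, root-login and password-login recommendations. The function names and the two sample configs are constructed for illustration, and it assumes whitespace-separated `Keyword value` lines, reads only the global section (before any `Match` block) and does not follow `Include` files.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the thread's recommendations.

# values FILE KEYWORD: print every value of KEYWORD in the global section
# (keywords are case-insensitive; parsing stops at the first Match block).
values() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2) }
    ' "$1"
}

audit_sshd_config() {
    cfg=$1; n=0
    # Port may be given several times; sshd listens on all of them.
    ports=$(values "$cfg" Port)
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        echo "WARN Port: listening on default port 22"; n=$((n + 1))
    fi
    # For other keywords sshd uses the first value it reads.
    root=$(values "$cfg" PermitRootLogin | head -n 1)
    case "$root" in
        no|without-password|prohibit-password) ;;
        *) echo "WARN PermitRootLogin: '${root:-unset}'; use no or without-password"
           n=$((n + 1)) ;;
    esac
    pass=$(values "$cfg" PasswordAuthentication | head -n 1)
    if [ "$pass" != no ]; then
        echo "WARN PasswordAuthentication: '${pass:-unset}'; set no and use keys"
        n=$((n + 1))
    fi
    echo "$n finding(s)"
}

# Constructed sample configs (not taken from the thread).
tmp=$(mktemp -d)
printf '%s\n' '# weak' 'Port 22' 'PermitRootLogin yes' \
    '#PasswordAuthentication no' > "$tmp/weak"
printf '%s\n' 'port 2222' 'PermitRootLogin without-password' \
    'PasswordAuthentication no' 'PermitRootLogin yes' > "$tmp/hardened"
audit_sshd_config "$tmp/weak"
audit_sshd_config "$tmp/hardened"
```

On a real system, run `audit_sshd_config /etc/ssh/sshd_config` and restart sshd after changing any flagged setting, keeping an existing session open until a new key-based login has been confirmed.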
Re: Securing SSH on dockstar/Debian
December 21, 2011 10:07AM
Thank you - I will try a couple of options over the weekend
Re: Securing SSH on dockstar/Debian
January 27, 2012 08:42PM
I have examined /etc/ssh/sshd_config and it has
SyslogFacility AUTH
LogLevel INFO

I'm looking at /var/log/auth.log and... there is no auth.log file. Any hints how I can check the sshd log?