I came across this service called denyhosts…
It basically protects your server from unwanted ssh attempts and brute-force attacks. For
denyhosts to work, you need to have
tcp_wrappers support and
The IPs from which unwanted ssh attacks come are listed in
/etc/hosts.deny file by
If you want to whitelist any of them, then you can put them in
For example, putting the
sshd: 18.104.22.168 line in the
/etc/hosts.deny file will block all ssh attempts from that host, and putting it in
/etc/hosts.allow will allow them.
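
The whitelist works because tcp_wrappers consults /etc/hosts.allow first, then /etc/hosts.deny, and grants access when neither matches. The sketch below is an added example, not part of the original post or of denyhosts; it models that lookup order for a simplified subset of the rule syntax (exact addresses, trailing-dot prefixes and ALL), and every address other than the post's 18.104.22.168 is constructed.

```python
# Added example: simplified model of the tcp_wrappers lookup order.
# Assumption: only exact addresses, trailing-dot prefixes and ALL are handled.

def rules(text):
    """Yield (daemons, clients) for each rule line of hosts.allow/hosts.deny text."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        yield daemons.replace(",", " ").split(), clients.replace(",", " ").split()

def matches(pattern, value):
    """Match one daemon or client pattern against a daemon name or address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # e.g. "192.0.2." matches 192.0.2.x
        return value.startswith(pattern)
    return pattern == value

def listed(text, daemon, client):
    """True if any rule in the text names both this daemon and this client."""
    return any(
        any(matches(d, daemon) for d in daemons)
        and any(matches(c, client) for c in clients)
        for daemons, clients in rules(text)
    )

def decide(hosts_allow, hosts_deny, daemon, client):
    """hosts.allow is consulted first, then hosts.deny; no match grants access."""
    if listed(hosts_allow, daemon, client):
        return "allow"
    if listed(hosts_deny, daemon, client):
        return "deny"
    return "allow"

# Constructed sample files; 18.104.22.168 is the address used in the post.
HOSTS_DENY = """\
# entries of the kind denyhosts adds
sshd: 18.104.22.168
sshd: 192.0.2.10
"""
HOSTS_ALLOW = "sshd: 18.104.22.168\n"

if __name__ == "__main__":
    for ip in ("18.104.22.168", "192.0.2.10", "198.51.100.7"):
        print(ip, decide(HOSTS_ALLOW, HOSTS_DENY, "sshd", ip))
```

An address that appears in both files is allowed, so a stale whitelist entry silently overrides whatever denyhosts later writes to /etc/hosts.deny.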
Additionally, what I do on my systems is … I keep only one system accessible from the internet (sshd listens on both the private and public interfaces), and on the other systems I configure sshd to listen only on private interfaces. This can be achieved by putting
The other security measure is to stop the root user from logging in over ssh at all. Put the
PermitRootLogin no line in the
/etc/ssh/sshd_config file, then access the system over ssh as a normal user (not a sudoer) and use
su - to gain root access.