Using denyhosts

I came across this service called denyhosts.
It protects your server from unwanted ssh attempts and brute-force attacks. For denyhosts to work, you need sshd built with tcp_wrappers support, and python.

denyhosts lists the IPs from which unwanted ssh attacks come in the /etc/hosts.deny file.
If you want to whitelist any of them, put them in the /etc/hosts.allow file.

For example, putting the line sshd: 192.16.20.3 in the /etc/hosts.deny file will block all ssh attempts from that host, and putting it in /etc/hosts.allow will allow them.
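As an added example (not part of the original post and not denyhosts code), this Python sketch applies the tcp_wrappers lookup order to sshd: /etc/hosts.allow is consulted first, then /etc/hosts.deny, and a client matching neither file is allowed. It handles only IPv4 literals, trailing-dot prefixes, net/mask and ALL; the function names and sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample files; 192.16.20.3 is the address used in the post.
SAMPLE_ALLOW = "sshd: 203.0.113.7\n"
SAMPLE_DENY = """# DenyHosts-style entries (constructed)
sshd: 192.16.20.3
sshd: 203.0.113.
ALL: 198.51.100.0/255.255.255.0
"""

def parse_rules(text):
    """Return [(daemons, clients)] for each 'daemon_list : client_list' line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # a third field (shell command) is ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    """Match one client pattern against an IPv4 address string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # "203.0.113." matches the whole prefix
        return ip.startswith(pattern)
    if "/" in pattern:                   # net/mask form
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return pattern == ip

def file_matches(text, daemon, ip):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(c, ip) for c in clients)
               for daemons, clients in parse_rules(text))

def decide(allow_text, deny_text, ip, daemon="sshd"):
    """Return (verdict, deciding file) using the tcp_wrappers lookup order."""
    if file_matches(allow_text, daemon, ip):
        return ("allow", "hosts.allow")  # first match wins, hosts.deny is never read
    if file_matches(deny_text, daemon, ip):
        return ("deny", "hosts.deny")
    return ("allow", "no match")         # matching neither file means access is granted

if __name__ == "__main__":
    for ip in ("192.16.20.3", "203.0.113.7", "203.0.113.9", "198.51.100.20", "192.0.2.1"):
        print(ip, decide(SAMPLE_ALLOW, SAMPLE_DENY, ip))
```

The 203.0.113.7 case shows why a whitelist entry survives later denyhosts additions: the address falls inside a denied prefix, but the hosts.allow match is evaluated first.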

Additionally, what I do on my systems is keep only one system accessible from the internet (sshd listens on both the private and public interfaces), and on the other systems I configure sshd to listen only on private interfaces. This can be achieved by putting the line

ListenAddress private_ip_here

in /etc/ssh/sshd_config.

Another security measure is to prevent the root user from logging in over ssh at all. Put the line PermitRootLogin no in the /etc/ssh/sshd_config file, then log in over ssh as a normal user (not a sudoer) and use su - to gain root access.
