19-12-2006, 04:40 AM
rockdalinux
Failed SSH login attempts and how to avoid brute ssh attacks

Hello all,

Please share your tips and howtos about avoiding failed ssh login attempts (brute ssh attacks) and securing SSH-based remote login systems.

This is kind of a group project and I am expecting everyone to share their valuable experience. Please consider the following:

SSH brute force attacks
SSH dictionary attacks
Buffer overflow attack
Securing shell access via ssh

Step # 1: Change the ssh port
Open config file /etc/ssh/sshd_config
Code:
vi /etc/ssh/sshd_config
Default port is 22; set it to something else like 678
Code:
Port 678
Step # 2: Bind ssh to specific IP address
Usually all servers come with 5 or more public IP addresses. No need to bind to all IP addresses. Just bind to one IP address.
Code:
ListenAddress 65.1.5.1
Step # 3: Only use SSH protocol 2
Code:
Protocol 2
Step # 4: Do not allow root to login
Code:
PermitRootLogin no
Step # 5: Deny root user login
Code:
DenyUsers root
Step # 6: Setup login banner
Code:
Banner /etc/ssh.go.txt
Save and close file. Create file
Code:
vi /etc/ssh.go.txt
Type message in file
Code:
************************************************************

This is a private server!!! All ssh login attempts are logged and 
monitored by our staff. All unauthorized login attempts will be 
investigated and reported to local authorities.
If you have any login problem please contact our helpdesk at
Phone: 888-555-777 or email us
Email:  support@mycorop.com
******************************************************************
Save and close file. Restart sshd
Code:
/etc/init.d/sshd restart
Now to log in always use:
Code:
ssh -p PORT user@IP-address
ssh -p PORT user@your.server.com
ssh -p 678 rocky@65.1.5.1
For scp use -P port option
Code:
scp -P 678 local.txt rocky@65.1.5.1:/home/rocky
How to Disable SSHD password authentication
As suggested by monk you can automate passwordless logins with ssh client keys instead of password authentication.

Type at your local Linux/UNIX workstation; create a public/private key pair:
Code:
ssh-keygen -t rsa
Just press the [Enter] key when prompted for a passphrase. Just hit the [Enter] key twice. Now you have ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub files. Copy the ~/.ssh/id_rsa.pub file to your remote ssh server using scp:

First log in to the remote server over ssh and create the .ssh directory:
Code:
ssh -p 678 user@65.1.5.1
Now create .ssh dir and set permission to 0700
Code:
mkdir .ssh && chmod 0700 .ssh
logout
Now type the following at the client system (copy file to remote server as authorized_keys2)
Code:
scp -P 678 ~/.ssh/id_rsa.pub user@65.1.5.1:.ssh/authorized_keys2
scp  -P 678 ~/.ssh/id_rsa.pub user@65.1.5.1:/home/user/.ssh/authorized_keys2
Now you can log in to the remote system w/o password from your local Linux/UNIX workstation.

Code:
ssh -p 678 user@65.1.5.1
On the server open /etc/ssh/sshd_config
Code:
vi /etc/ssh/sshd_config
And disable password authentication
Code:
PasswordAuthentication no
Restart sshd
Code:
/etc/init.d/sshd restart
__________________
Rocky Jr.
What's wrong? I hope I am not making you uncomfortable...

Never send a boy to do a mans job.
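As an added example (not part of rockdalinux's post): a shell function that reads an sshd_config and reports whether each directive from the steps above is actually in effect. The function name and the sample file are made up for illustration; it assumes plain "Keyword value" lines and does not follow Include files or Match blocks.

```shell
# Added example: audit an sshd_config for the settings listed in the post.
# sshd keywords are case-insensitive and the first value of a keyword wins, so a
# "PermitRootLogin no" placed below an earlier "PermitRootLogin yes" has no effect.
audit_sshd_config() {   # $1 = config path; prints PASS/FAIL lines, returns 1 on any FAIL
    awk '
    function check(name, ok, got) {
        if (!ok) bad++
        printf "%s %s (%s)\n", (ok ? "PASS" : "FAIL"), name, (got == "" ? "unset" : got)
    }
    NF == 0 || $1 ~ /^#/ { next }           # blank lines and comments
    { key = tolower($1) }
    key == "match" { exit }                 # global section ends at the first Match
    key == "port" || key == "listenaddress" || key == "denyusers" {
        for (i = 2; i <= NF; i++)           # these keywords may repeat: collect all
            all[key] = all[key] (all[key] == "" ? "" : " ") $i
        next
    }
    !(key in first) { first[key] = $2 }     # first occurrence wins
    END {
        ports = (all["port"] == "" ? "22" : all["port"])   # unset means default 22
        check("Port", (" " ports " ") !~ / 22 /, ports)
        la = all["listenaddress"]
        check("ListenAddress", la != "" && (" " la " ") !~ / (0\.0\.0\.0|::) /, la)
        check("Protocol", first["protocol"] == "2", first["protocol"])
        prl = first["permitrootlogin"]
        check("PermitRootLogin", tolower(prl) == "no", prl)
        check("DenyUsers root", (" " all["denyusers"] " ") ~ / root /, all["denyusers"])
        b = first["banner"]
        check("Banner", b != "" && tolower(b) != "none", b)
        pa = first["passwordauthentication"]
        check("PasswordAuthentication", tolower(pa) == "no", pa)
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: the values from the post, with a stale line left above the fix.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 678
ListenAddress 65.1.5.1
Protocol 2
permitrootlogin yes
PermitRootLogin no
DenyUsers root
Banner /etc/ssh.go.txt
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sshd_config does not match the post yet"
rm -f "$sample"
```

On a live server, point the function at /etc/ssh/sshd_config before restarting sshd.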