
August 13, 2010


Listed below are links to weblogs that reference Securing SSH:

Comments


Dave Aronson

In some very small and private environments, like a home network, putting ssh on a different port may also buy you some convenience when inspecting the logs. You won't be distracted by so many skr1p7 k1dd13z (and other types of worms) trying to get in. It became a lot easier for me to see what-all was going on in my security logs, after I did that.

In an environment where lots of different legit stuff owned by lots of different people (legit-ly, not 0wned) needs to ssh in, you're absolutely right tho.

Mike S

Thanks for the denyhosts tip! Installed it and blocked someone less than an hour later. Are scans really that common?

Chris E

Also don't forget to whitelist your own IP in the 'allowed-hosts' file. It's in /var/lib/denyhosts/ on Debian (probably Ubuntu too).

Chris E

@Mike: Very common! Our servers blacklist 100 IPs/day _each_.

David Bock

Good advice on the allowed_hosts file, Chris, just to prevent a boneheaded mistake. And yeah, Mike, I get dozens of blocks a day on each of my servers. If you want to see a shocker, check out the tool 'logwatch'. I'll be blogging about that soon, but in short, it'll email you a daily report analyzing your logs. Without denyhosts, you'll see thousands of login attempts a day to very common user names.
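An added example, not part of the original comments and not code from logwatch or DenyHosts: a small tally of failed SSH password logins per source address and user name, with whitelisted addresses (your own IP, as suggested above) reported separately. It assumes the OpenSSH "Failed password" syslog format; the log lines are constructed and the name `summarize` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH syslog format (not from a real host).
SAMPLE_LOG = """\
Aug 13 03:12:01 web1 sshd[2201]: Failed password for root from 203.0.113.5 port 40112 ssh2
Aug 13 03:12:03 web1 sshd[2201]: Failed password for root from 203.0.113.5 port 40113 ssh2
Aug 13 03:12:07 web1 sshd[2207]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Aug 13 04:40:19 web1 sshd[2311]: Failed password for invalid user test from 198.51.100.7 port 55001 ssh2
Aug 13 04:40:22 web1 sshd[2311]: Failed password for invalid user oracle db from 198.51.100.7 port 55002 ssh2
Aug 13 08:02:44 web1 sshd[2410]: Accepted publickey for dave from 192.0.2.10 port 50022 ssh2
Aug 13 09:15:30 web1 sshd[2502]: Failed password for dave from 192.0.2.10 port 50100 ssh2
Aug 13 09:20:00 web1 CRON[2600]: pam_unix(cron:session): session opened for user root
"""

# The user name is chosen by the remote client and may contain spaces, so it
# is matched greedily and the pattern is anchored at the end of the line: the
# address is always taken from the last " from <ip> port <n> ssh2".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2\s*$"
)

def summarize(log_text, allowed=()):
    """Count failed SSH password logins per source IP and per user name.

    `allowed` holds whitelisted addresses; failures from them are counted
    separately so a mistyped password of your own stands out from scan noise.
    """
    by_ip, by_user, from_allowed = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and non-sshd lines are ignored
        if m["ip"] in allowed:
            from_allowed[m["ip"]] += 1
            continue
        by_ip[m["ip"]] += 1
        by_user[m["user"]] += 1
    return by_ip, by_user, from_allowed

if __name__ == "__main__":
    ips, users, own = summarize(SAMPLE_LOG, allowed={"192.0.2.10"})
    for title, counts in (("source", ips), ("user", users), ("whitelisted", own)):
        for key, n in counts.most_common():
            print(f"{title:12} {key:16} {n}")
```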

The comments to this entry are closed.