
SSH security

Limit by user

Only allow the users who actually need SSH access to log in.

Mac: in “System Preferences/Sharing/Remote Login”, choose users in the “Allow access for:” box.

Limit by IP address

First: deny connections from all hosts in /etc/hosts.deny. Note that these two files are read by TCP wrappers (libwrap), and upstream OpenSSH dropped libwrap support in 6.7; if your sshd was built without it, the rules are silently ignored, so test from an address outside the allowed ranges.

# /etc/hosts.deny
# deny from all
sshd: ALL

Second: specify the allowed IPs in /etc/hosts.allow (hosts.allow is consulted before hosts.deny, so a matching entry here wins)

# /etc/hosts.allow
# allow intranet IPs (192.168.1.*)
# allow IPMB IPs (172.*.*.*)
# allow Academia Sinica IPs (140.109.*.*)
sshd: 192.168.1., 172., 140.109.: allow

Check log files

Mac:

grep sshd /var/log/system.log

Ubuntu:

grep sshd /var/log/auth.log

Fail2ban

Install fail2ban

Ubuntu:

# install
sudo apt install fail2ban
# edit the conf file /etc/fail2ban/jail.conf as necessary
# (settings placed in /etc/fail2ban/jail.local override jail.conf and survive package upgrades)
# for example, increase 'bantime' or reduce 'maxretry' to enhance the security level
# restart the service (or: sudo systemctl restart fail2ban)
sudo /etc/init.d/fail2ban restart
# regex test: confirm the sshd filter matches the failures in your auth.log
sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
# check status
sudo /etc/init.d/fail2ban status
# check client status
sudo fail2ban-client status
sudo fail2ban-client status sshd
# check log
cat /var/log/fail2ban.log
# unban (replace xxx.xxx.xxx.xxx with the banned address)
sudo fail2ban-client set sshd unbanip xxx.xxx.xxx.xxx
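The lines you grep for in auth.log above are the same "Failed password" events fail2ban's sshd filter matches; as an added example (not part of the original page), this Python script counts those events per source address over a constructed auth.log sample and reports addresses that would cross a fail2ban-style 'maxretry' within 'findtime' threshold. The sample log lines, host names, addresses and the default thresholds (5 failures in 600 seconds) are assumptions made here, not values from the page.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd lines as they appear in /var/log/auth.log (not from the page).
SAMPLE_AUTH_LOG = """\
Mar 28 14:40:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 28 14:40:03 host sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar 28 14:40:05 host sshd[1203]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar 28 14:40:09 host sshd[1204]: Failed password for root from 203.0.113.7 port 51261 ssh2
Mar 28 14:40:12 host sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 51270 ssh2
Mar 28 14:41:00 host sshd[1210]: Accepted publickey for alice from 192.168.1.20 port 50022 ssh2
Mar 28 14:42:00 host sshd[1211]: Failed password for alice from 192.168.1.20 port 50030 ssh2
Mar 28 15:30:00 host sshd[1300]: Failed password for root from 198.51.100.9 port 40000 ssh2
Mar 28 15:30:01 host cron[1301]: pam_unix(cron:session): session opened for user root
"""

# One sshd authentication failure; "invalid user" appears when the account does not exist.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text):
    """Return {source_ip: [timestamps]} for every sshd 'Failed password' line."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and non-sshd lines are ignored
        # syslog timestamps carry no year; strptime fills in 1900, which is
        # fine for measuring intervals within a single log file
        failures[m["ip"]].append(datetime.strptime(m["ts"], "%b %d %H:%M:%S"))
    return failures


def offenders(log_text, maxretry=5, findtime=600):
    """Source IPs with at least `maxretry` failures inside some `findtime`-second window
    (the condition fail2ban's sshd jail bans on). Returns {ip: peak count in a window}."""
    hits = {}
    for ip, times in parse_failures(log_text).items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > findtime:
                start += 1  # slide the window forward past stale failures
            count = end - start + 1
            if count >= maxretry:
                hits[ip] = max(hits.get(ip, 0), count)
    return hits
```

Point it at a real auth.log with `offenders(open("/var/log/auth.log").read())` and compare the result with `fail2ban-client status sshd` to confirm the jail is banning what you expect.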

If registered at http://www.blocklist.de, edit /etc/fail2ban/jail.conf to add:

destemail = fail2ban@blocklist.de
sendermail = fail2ban@your-server.tld

computers/ssh_security.txt · Last modified: 2023/03/28 14:40 by chkuo