SSH security
Limit by user
Only allow required users to login.
Mac: in “System Preferences/Sharing/Remote Login”, choose users in the “Allow access for:” box.
Limit by IP address
First: deny connections from all hosts in /etc/hosts.deny
# /etc/hosts.deny
# deny from all
sshd: ALL
Second: specify the allowed IP ranges in /etc/hosts.allow
# /etc/hosts.allow
# allow intranet-ethernet IPs (192.168.1.*)
# allow intranet-wireless IPs (10.0.1.*)
# allow Academia Sinica IPs (140.109.*.*)
# allow National Taiwan University IPs (140.112.*.*)
sshd: 192.168.1., 10.0.1., 140.109., 140.112. : allow
Other IP ranges:
- Hinet: 118.160.0.0 - 118.167.255.255, 118.168.0.0 - 118.171.255.255
Check log files
Mac:
more /var/log/secure.log
Ubuntu:
more /var/log/auth.log
Fail2ban
Install fail2ban
Ubuntu:
# install
sudo apt-get install fail2ban
# edit the conf file /etc/fail2ban/jail.conf as necessary
# for example, increase 'bantime' or reduce 'maxretry' to enhance the security level
# restart the service
sudo /etc/init.d/fail2ban restart
# regex test
sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
# check status
sudo /etc/init.d/fail2ban status
# check client status
sudo fail2ban-client status
# check log
cat /var/log/fail2ban.log
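As an added example (not from this wiki page), the following shell script does by hand what the fail2ban-regex test above does with the sshd filter: it pulls failed-password attempts out of auth.log-style lines, counts them per source address, and lists the addresses that reach a maxretry threshold. The log lines are constructed samples and the function names are my own.

```bash
#!/bin/bash
# Added example: count failed SSH password attempts per source IP from
# auth.log-style lines and report addresses that reach a maxretry threshold.

# Constructed sample log in Ubuntu /var/log/auth.log format (not a real capture).
SAMPLE_LOG=$(cat <<'EOF'
Oct 18 12:30:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Oct 18 12:30:03 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Oct 18 12:30:05 host sshd[1235]: Failed password for root from 203.0.113.5 port 51240 ssh2
Oct 18 12:30:07 host sshd[1236]: Accepted publickey for alice from 192.168.1.20 port 50000 ssh2
Oct 18 12:30:09 host sshd[1237]: Failed password for alice from 192.168.1.20 port 50002 ssh2
EOF
)

# Read log text from stdin and print "<ip> <count>" for every source address
# that has at least one "Failed password" line from sshd.
failed_logins_by_ip() {
    grep -E 'sshd\[[0-9]+\]: Failed password for' \
    | sed -E 's/.* from ([0-9.]+) port .*/\1/' \
    | sort | uniq -c \
    | awk '{ print $2, $1 }'
}

# Read log text from stdin and print only the addresses whose failure count
# reaches the given threshold (the same idea as 'maxretry' in jail.conf).
ips_over_threshold() {
    local maxretry="$1"
    failed_logins_by_ip | awk -v max="$maxretry" '$2 >= max { print $1 }'
}

# Usage with the constructed sample: prints 203.0.113.5 (3 failures);
# 192.168.1.20 has only one failure and is not listed.
printf '%s\n' "$SAMPLE_LOG" | ips_over_threshold 3
```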
If registered at http://www.blocklist.de, edit /etc/fail2ban/jail.conf to add:
destemail = fail2ban@blocklist.de
sendermail = from@your-server.tld
computers/ssh_security.1382070793.txt.gz · Last modified: 2013/10/18 12:33 by chkuo