computers:ssh_security
This is an old revision of the document!
Table of Contents
SSH security
Limit by user
Only allow required users to login.
Mac: in “System Preferences/Sharing/Remote Login”, choose users in the “Allow access for:” box.
Limit by IP address
First: deny connection from all in /etc/hosts.deny
# /etc/hosts.deny # deny from all sshd: ALL
Second: specify the allowed IPs in /etc/hosts.allow
# /etc/hosts.allow # allow intranet-ethernet IPs (192.168.1.*) # allow Academia Sinica IPs (140.109.*.*) sshd: 192.168.1., 140.109.: allow
Other IP ranges:
- Hinet: 118.160.0.0 - 118.167.255.255, 118.168.0.0 - 118.171.255.255
Check log files
Mac:
grep sshd /var/log/system.log
Ubuntu:
grep sshd /var/log/auth.log
Fail2ban
Install fail2ban
Ubuntu:
# install sudo apt install fail2ban # edit the conf file /etc/fail2ban/jail.conf as necessary # for example, increase 'bantime' or reduce 'maxretry' to enhance the security level # restart the service sudo /etc/init.d/fail2ban restart # regex test sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf # check status sudo /etc/init.d/fail2ban status # check client status sudo fail2ban-client status sudo fail2ban-client status sshd # check log cat /var/log/fail2ban.log # unban sudo fail2ban-client set sshd unbanip xxx.xxx.xxx.xxx
If registered at http://www.blocklist.de, edit /etc/fail2ban/jail.conf to add:
destemail = fail2ban@blocklist.de sendermail = fail2ban@your-server.tld
computers/ssh_security.1663923144.txt.gz · Last modified: 2022/09/23 16:52 by chkuo