Wednesday, March 7, 2012

Disable ssh root direct login 

in /etc/ssh/sshd_config
 
/PermitRootLogin yes


change to 


 


/PermitRootLogin no




then




/etc/init.d/ssh restart









Posted by
PANG


at
5:10 AM



































2 comments:








  1. naderraApril 22, 2012 at 8:42 AM
    I'd also:

    RSAAuthentication yes
    ...

    # Change to no to disable tunnelled clear text passwords
    #PasswordAuthentication yes
    PasswordAuthentication no

    And in order to fend off ssh attack attempts, here's
    some iptables rules for denying access for N minutes 
    after M failed login attempts.

    ## --------------------------------------------------------------------------------------------------
    ## SSH
    ## --------------------------------------------------------------------------------------------------
    # Create chains to defend from SSH attack
    iptables -N SSH_CHECK
    iptables -N SSH_ATTACKED

    # Captures SSH connections
    #iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j SSH_CHECK
    iptables -A INPUT -i ppp0 -p tcp --dport 22 -m state --state NEW -j SSH_CHECK

    # Define SSH_CHECK chain
    iptables -A SSH_CHECK -m recent --set --name SSH
    iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j SSH_ATTACKED
    iptables -A SSH_CHECK -j ACCEPT

    # Define SSH_ATTACKED chain
    iptables -A SSH_ATTACKED -j LOG --log-prefix "iptables SSH attack: " --log-level 7
    iptables -A SSH_ATTACKED -j REJECT

    Cheers
    Rob -
    ReplyDelete




























        

      









Subscribe to:
Post Comments (Atom)