Wednesday, March 7, 2012

Disable direct ssh root login

In /etc/ssh/sshd_config, find the line

    PermitRootLogin yes

and change it to

    PermitRootLogin no

then restart the daemon so the change takes effect:

    /etc/init.d/ssh restart
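The edit above by hand is a one-liner, but a script that does it has to cope with the directive being active, commented out (the distribution default), or absent, and must not land it inside a trailing Match block. The example below is added here and is not from the original post; set_sshd_option, get_sshd_option, demo and harden_sshd are names chosen for this example, and the sample config is constructed.

```shell
#!/bin/sh
# Set a global sshd_config directive idempotently. The first active or
# commented occurrence becomes the directive, later global duplicates are
# dropped, and anything under a "Match" block is left untouched (a directive
# appended after "Match" would only apply to that block).
set_sshd_option() {
    file="$1"; key="$2"; value="$3"; tmp="${file}.tmp.$$"
    awk -v k="$key" -v v="$value" '
        /^[ \t]*Match([ \t]|$)/ { if (!done) { print k, v; done=1 }; inmatch=1 }
        inmatch { print; next }
        {
            line=$0; sub(/^[ \t]*#?[ \t]*/, "", line)   # strip indent and "#"
            split(line, f, /[ \t]+/)
            if (tolower(f[1]) == tolower(k)) {          # keywords are case-insensitive
                if (!done) { print k, v; done=1 }
                next
            }
            print
        }
        END { if (!done) print k, v }                   # no hit and no Match: append
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Effective global value: first active occurrence before any Match block.
get_sshd_option() {
    awk -v k="$2" '/^[ \t]*Match([ \t]|$)/ { exit }
                   tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Constructed stand-in for /etc/ssh/sshd_config: root login active, password
# auth only present as a comment, and a Match block that must survive intact.
demo() {
    cfg=$(mktemp)
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' '#PasswordAuthentication yes' \
        'Match User backup' '    PasswordAuthentication yes' > "$cfg"
    set_sshd_option "$cfg" PermitRootLogin no
    set_sshd_option "$cfg" PasswordAuthentication no
    r="$(get_sshd_option "$cfg" PermitRootLogin)/$(get_sshd_option "$cfg" PasswordAuthentication)"
    r="$r/$(grep -c 'PasswordAuthentication yes' "$cfg")"   # Match-block line kept
    rm -f "$cfg"
    printf '%s\n' "$r"   # no/no/1
}

# Live version of the post's procedure. Keep the current session open until a
# fresh key-based login works; sshd -t refuses a config sshd itself would reject.
harden_sshd() {
    set_sshd_option /etc/ssh/sshd_config PermitRootLogin no
    set_sshd_option /etc/ssh/sshd_config PasswordAuthentication no
    sshd -t && /etc/init.d/ssh restart
}
```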


  1. I'd also:

    RSAAuthentication yes

    # Change to no to disable tunnelled clear text passwords
    #PasswordAuthentication yes
    PasswordAuthentication no

    And in order to fend off ssh attack attempts, here are
    some iptables rules for denying access for N minutes
    after M failed login attempts.

    ## --------------------------------------------------------------------------------------------------
    ## SSH
    ## --------------------------------------------------------------------------------------------------
    # Create chains to defend from SSH attack
    iptables -N SSH_CHECK
    iptables -N SSH_ATTACKED

    # Captures SSH connections
    #iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j SSH_CHECK
    iptables -A INPUT -i ppp0 -p tcp --dport 22 -m state --state NEW -j SSH_CHECK

    # Define SSH_CHECK chain
    iptables -A SSH_CHECK -m recent --set --name SSH
    iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j SSH_ATTACKED
    iptables -A SSH_CHECK -j ACCEPT

    # Define SSH_ATTACKED chain
    iptables -A SSH_ATTACKED -j LOG --log-prefix "iptables SSH attack: " --log-level 7
    iptables -A SSH_ATTACKED -j REJECT

    Rob -