break-in attempt in my machine

Volker Wysk post at volker-wysk.de
Fri Sep 2 14:34:11 UTC 2016


On Saturday, 27 August 2016, 21:58:05 CEST, Karl Auer wrote:
> Having ssh open to the world is better than having most other things
> open to the world, but there are quite a few things you can do to make
> a successful attack less likely. In order of goodness:
> 
> 1: Turn off password access; require a publickey login.
> 
> 2: Move ssh to a different port. Choose a random number between 1024
> and 65000 and put ssh on that port.
> 
> 3: Turn off ssh access for any accounts on your system that do not need
> it.
> 
> 4: If you only need external access for certain commands, lock ssh down
> to permitting only those commands.
> 
> 5: If you will only be logging in from a limited set of other systems,
> allow ssh logins only from those addresses (or subnets).
> 
> 6: If you know you will only be logging in at certain times of the day
> or on certain days, turn off ssh access outside those times.
> 
> 7: If you are IPv6 capable, turn off IPv4 access.
> 
> 8: Consider setting up something like fail2ban, which will blacklist
> the IP address of anyone who tries (and fails) too frequently.
> 
> 9: Consider setting up portknocking.

Thanks for the list. I've switched to public key login, and set up fail2ban.

Point no. 5 seems to be redundant if public key login is used. Only the right 
machines have the private keys.

Bye
V.W.
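
Added example (not part of the original post or of the quoted reply): a small Python check that reads sshd_config text and reports which of items 1, 2, 3 and 5 from the quoted list are not yet in place. Both configurations are constructed samples, the function names are hypothetical, and only global settings before any Match block are examined.

```python
# Added example: audit sshd_config text against items 1, 2, 3 and 5 of the list.
# SAMPLE and HARDENED are constructed for illustration; 192.0.2.0/24 is a
# documentation address range, and the port number is an arbitrary choice.

SAMPLE = """\
Port 22
PasswordAuthentication yes
#AllowUsers alice
"""

HARDENED = """\
Port 48213
PasswordAuthentication no
AllowUsers alice@192.0.2.0/24
"""

def parse(text):
    """Collect global keywords; keyword names are case-insensitive in sshd_config."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        key, *args = line.split()
        if key.lower() == "match":             # simplification: ignore Match blocks
            break
        seen.setdefault(key.lower(), []).extend(args)
    return seen

def audit(text):
    """Return one finding per list item that the configuration does not cover."""
    cfg = parse(text)
    findings = []
    # sshd uses the first value it reads; the built-in default is "yes".
    if (cfg.get("passwordauthentication") or ["yes"])[0].lower() != "no":
        findings.append("item 1: password logins still accepted")
    if "22" in (cfg.get("port") or ["22"]):    # no Port line means port 22
        findings.append("item 2: sshd listens on default port 22")
    users = cfg.get("allowusers", [])
    if not users and "allowgroups" not in cfg:
        findings.append("item 3: no AllowUsers/AllowGroups restriction")
    # Only the AllowUsers USER@HOST form is checked here; firewall rules or
    # from= options in authorized_keys are other ways to do item 5.
    if not any("@" in u for u in users):
        findings.append("item 5: no user@host source restriction")
    return findings

if __name__ == "__main__":
    for name, text in (("SAMPLE", SAMPLE), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```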
