break-in attempt in my machine
Volker Wysk
post at volker-wysk.de
Fri Sep 2 14:34:11 UTC 2016
On Saturday, 27 August 2016, 21:58:05 CEST, Karl Auer wrote:
> Having ssh open to the world is better than having most other things
> open to the world, but there are quite a few things you can do to make
> a successful attack less likely. In order of goodness:
>
> 1: Turn off password access; require a publickey login.
>
> 2: Move ssh to a different port. Choose a random number between 1024
> and 65000 and put ssh on that port.
>
> 3: Turn off ssh access for any accounts on your system that do not need
> it.
>
> 4: If you only need external access for certain commands, lock ssh down
> to permitting only those commands.
>
> 5: If you will only be logging in from a limited set of other systems,
> allow ssh logins only from those addresses (or subnets).
>
> 6: If you know you will only be logging in at certain times of the day
> or on certain days, turn off ssh access outside those times.
>
> 7: If you are IPv6 capable, turn off IPv4 access.
>
> 8: Consider setting up something like fail2ban, which will blacklist
> the IP address of anyone who tries (and fails) too frequently.
>
> 9: Consider setting up portknocking.
Thanks for the list. I've switched to public key login, and set up fail2ban.
Point no. 5 seems to be redundant if public key login is used. Only the right
machines have the private keys.
Bye
V.W.
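
Items 1, 2, 3 and 5 of the quoted list can be checked mechanically against an `sshd_config`. The following is an added example, not part of the original messages: the sample configurations, the account name `alice`, the subnet and the function names are constructed, and the checker reads only global settings.

```python
# Added example: audit sshd_config text against items 1, 2, 3 and 5 of the list.
# Assumptions: parsing stops at the first Match block, Include is not followed,
# and item 5 is recognised only as AllowUsers USER@HOST patterns.

WEAK_CONFIG = """\
# constructed sample
Port 22
PasswordAuthentication yes
"""

HARDENED_CONFIG = """\
# constructed sample; "alice" and the subnet are placeholders
Port 48213
PasswordAuthentication no
AllowUsers alice@192.0.2.0/24
"""

def parse_sshd_config(text):
    """Return {keyword: [arguments]}; keywords are case-insensitive."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":
            break  # everything after Match applies conditionally
        settings.setdefault(key, []).append(parts[1] if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return a list of findings, numbered as in the quoted list."""
    s = parse_sshd_config(text)
    findings = []
    # sshd uses the first value it reads for a keyword; the default is "yes".
    if s.get("passwordauthentication", ["yes"])[0].lower() != "no":
        findings.append("1: password logins are enabled")
    if "22" in s.get("port", ["22"]):  # Port may repeat; the default is 22
        findings.append("2: sshd listens on the default port 22")
    allow = [p for value in s.get("allowusers", []) for p in value.split()]
    if not allow and "allowgroups" not in s:
        findings.append("3: no AllowUsers/AllowGroups restriction")
    if not allow or any("@" not in p for p in allow):
        findings.append("5: logins are not restricted by source address")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```

A source restriction applied elsewhere, such as a firewall rule or a `from=` option in `authorized_keys`, is outside what this checker sees and would still be reported under item 5.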