Fli
06-29-2017, 11:25 AM
How are you preventing SSH bruteforce on Linux?
It is often advised to change the SSH port, set up SSH key-based access and disable password-based access.
What are other options?
I am using denyhosts to block bots that are trying to bruteforce into the server via SSH (https://github.com/denyhosts/denyhosts)
Some people use fail2ban instead of denyhosts (apt-get install fail2ban)
A third option is to block IPs with excessive SSH login attempts by executing these commands:
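# Drop new SSH connections from a source that already has 8 recorded attempts in the last 600 seconds
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 8 --rttl --name SSH --rsource -j DROP
# Otherwise record the attempt and accept the connection
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource -j ACCEPT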
Also use passwords whose parts are not based on dictionary words, preferably randomly generated, a mixture of alphanumeric characters, 12+ characters.
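Added example, not part of the original post and not code from denyhosts or fail2ban: a sketch of the log-based approach those tools take, applying the post's 8-attempts-in-600-seconds threshold to failed logins rather than to new connections as the iptables rules do. It assumes OpenSSH syslog-style "Failed password" lines; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 600  # same window as the iptables rule in the post
MAX_ATTEMPTS = 8      # same hit count as the iptables rule in the post

# Assumed log format: OpenSSH "Failed password" lines, with or without "invalid user".
# Anchored at both ends so a line that does not fit the shape exactly is skipped.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+ ssh2$"
)

def offenders(lines, year=2017):
    """Return {source IP: time of the failure that reached the threshold}."""
    recent = defaultdict(deque)  # per-source timestamps inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        # Discard failures that have aged out of the sliding window
        while (ts - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_ATTEMPTS and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

def sample_log():
    """Constructed sshd lines using documentation IP ranges, not real data."""
    fmt = "Jun 29 11:{:02d}:{:02d} host sshd[4242]: Failed password for {} from {} port 50000 ssh2"
    # 8 failures in 35 seconds: reaches the threshold
    fast = [fmt.format(0, 5 * i, "invalid user admin", "203.0.113.7") for i in range(8)]
    # 8 failures spaced 2 minutes apart: never 8 inside one 600-second window
    slow = [fmt.format(2 * i, 0, "root", "198.51.100.20") for i in range(8)]
    ok = ["Jun 29 11:20:00 host sshd[4243]: Accepted publickey for alice from 192.0.2.10 port 50001 ssh2"]
    return sorted(fast + slow) + ok

if __name__ == "__main__":
    for ip, when in offenders(sample_log()).items():
        print(f"{ip} reached {MAX_ATTEMPTS} failed logins at {when}")
```
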