Another thousand-plus /var/log/messages entries with brute-force SSH retries. They have bothered me since one of my servers got a 6 Mbit line. To improve security I configured sshd so that it requires the private key and, if you do not have it, simply disconnects: the service no longer offers keyboard-interactive password entry at all. You don't have the right private key? The session is dropped immediately. In /etc/ssh/sshd_config set the following (keep the comments on their own lines; sshd treats only a line starting with # as a comment and rejects trailing text after a directive as garbage at end of line):

# allow login via keys (authorized_keys must hold the user's public key)
PubkeyAuthentication yes
# no password prompts at all; a client without a matching key is refused
PasswordAuthentication no
# do not offer the "keyboard-interactive" userauth method, which allows an
# arbitrary sequence of server prompts and typed user responses (PAM
# passwords included). OpenSSH 8.7 and later call this directive
# KbdInteractiveAuthentication; the old name is still accepted as an alias.
ChallengeResponseAuthentication no

Also allow only specific user(s) to log in via SSH. An interactive shell is far more than the mail/pop/web accounts need. To allow only some users, put the directive

AllowUsers only_my_allowed_ssh_user1 only_my_allowed_ssh_user2

into the sshd configuration file and restart the daemon. Also disable root login and log in as an ordinary user:

PermitRootLogin no

Before restarting, run "sshd -t" to check the file for syntax errors and "sshd -T" to print the effective configuration: a typo in sshd_config stops the daemon from starting, and if you edit it over SSH you lose the way back in.
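One trap worth checking for: sshd uses the first value it finds for a directive, so a hardening line appended at the bottom of a distribution-supplied sshd_config is silently ignored when the same directive already appears higher up. The script below is an added example written for this page, not code from the original post. It audits a config file for the settings above using that first-match rule, assumes a file without Match blocks, and ships with two constructed sample configs; the audit_sshd_config, check_directive and effective_value names are mine. On a live host "sshd -T" remains the authoritative view of what the daemon actually applies.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings recommended above.
# sshd uses the FIRST value it finds for a directive (see sshd_config(5)),
# and this checker mimics that rule. Assumption: the file has no Match blocks.

# effective_value FILE DIRECTIVE
# Prints the value sshd would use: the first non-comment occurrence,
# matched case-insensitively as sshd does.
effective_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == tolower(key)         { print $2; exit }
    ' "$1"
}

# check_directive FILE DIRECTIVE WANTED
# Reports a finding (and returns 1) when the effective value differs from
# WANTED or the directive is missing: an unset directive means whatever
# default the installed OpenSSH release ships, which is not what you audited.
check_directive() {
    local got
    got=$(effective_value "$1" "$2")
    if [ "$got" != "$3" ]; then
        printf 'WEAK: %s is "%s", want "%s"\n' "$2" "${got:-unset}" "$3"
        return 1
    fi
    return 0
}

# audit_sshd_config FILE -> one WEAK line per finding; exit status 1 if any
audit_sshd_config() {
    local bad=0
    check_directive "$1" PubkeyAuthentication yes || bad=1
    check_directive "$1" PasswordAuthentication no || bad=1
    check_directive "$1" ChallengeResponseAuthentication no || bad=1
    check_directive "$1" PermitRootLogin no || bad=1
    if [ -z "$(effective_value "$1" AllowUsers)" ]; then
        echo "WEAK: AllowUsers not set, every account with a shell may log in"
        bad=1
    fi
    return $bad
}

# Constructed sample configs (not taken from any real host).
WEAK_CFG=$(mktemp)
cat >"$WEAK_CFG" <<'EOF'
# distribution defaults left in place
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
PermitRootLogin yes
# appended later: sshd ignores both lines, the first value above wins
PasswordAuthentication no
PermitRootLogin no
EOF

HARDENED_CFG=$(mktemp)
cat >"$HARDENED_CFG" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
AllowUsers admin ops
EOF

echo "== constructed weak config =="
audit_sshd_config "$WEAK_CFG" || true
echo "== constructed hardened config =="
audit_sshd_config "$HARDENED_CFG" && echo "no findings"

# Real use: audit_sshd_config /etc/ssh/sshd_config
```

The weak sample shows the point: its last two lines say "no", yet the audit reports PasswordAuthentication and PermitRootLogin as "yes", because that is what sshd will use. If your config already uses the newer KbdInteractiveAuthentication name, check that directive instead of ChallengeResponseAuthentication.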

Are you an iptables user? Then you can also rate-limit new SSH connections per source address with the "recent" match module (this is connection-rate limiting, not SYN-flood protection). The order of the rules matters: the first rule only records the attempt and has no target, so the packet continues down the chain, and the ACCEPT comes last.

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j LOG --log-prefix "SSH_brute_force "
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -j REJECT --reject-with icmp-port-unreachable
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT

Above: every new SSH connection attempt is added to the SSH list for its source address. If the same address has made four or more attempts within the last 60 seconds, the attempt is logged with the SSH_brute_force prefix and rejected with ICMP port unreachable; otherwise the last rule accepts it. So each source address gets at most three new sessions per minute. Because --update refreshes the timestamp on every further attempt, an attacker who keeps hammering stays blocked until it has been quiet for a full minute. Packets of already established sessions are not affected: the rules only match state NEW, and the usual ESTABLISHED,RELATED ACCEPT rule earlier in the chain handles the rest.
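The log entries that started this post are also data you can act on. The script below is an added example, not part of the original post: it counts failed sshd logins per source address from syslog-style lines, lists the addresses over a threshold, and prints (but does not apply) a per-address iptables DROP rule for each. The log lines and addresses are constructed for the example (RFC 5737 documentation ranges); the sshd message format "Failed password for ... from ADDR port N ssh2" is the real one. The function names ssh_failures_by_ip, ssh_offenders and block_rules are mine.

```shell
#!/bin/sh
# Added example: find brute-force sources in /var/log/messages style logs.
# Assumption: standard syslog lines from sshd; addresses below are constructed.

# ssh_failures_by_ip < LOG
# Prints "count address", busiest first, counting only sshd "Failed ... for"
# lines; accepted logins and unrelated lines (including the firewall's own
# SSH_brute_force LOG entries) are ignored.
ssh_failures_by_ip() {
    awk '
        /sshd\[[0-9]+\]: Failed (password|publickey|none) for / {
            for (i = 1; i <= NF; i++)
                if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -rn
}

# ssh_offenders THRESHOLD < LOG
# Addresses with at least THRESHOLD failures, one per line.
ssh_offenders() {
    ssh_failures_by_ip | awk -v min="$1" '$1 >= min { print $2 }'
}

# block_rules THRESHOLD < LOG
# Prints one iptables rule per offender for review; nothing is applied.
block_rules() {
    ssh_offenders "$1" | while read -r ip; do
        printf 'iptables -I INPUT -p tcp --dport 22 -s %s -j DROP\n' "$ip"
    done
}

# Constructed sample log (documentation addresses, not real hosts).
SAMPLE_LOG='Jan 12 03:14:15 srv sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan 12 03:14:17 srv sshd[2103]: Failed password for invalid user oracle from 203.0.113.7 port 51030 ssh2
Jan 12 03:14:19 srv sshd[2105]: Failed password for root from 203.0.113.7 port 51041 ssh2
Jan 12 03:14:22 srv sshd[2107]: Failed password for root from 203.0.113.7 port 51055 ssh2
Jan 12 03:15:01 srv sshd[2110]: Failed password for bob from 198.51.100.23 port 40112 ssh2
Jan 12 03:15:09 srv sshd[2112]: Accepted publickey for bob from 198.51.100.23 port 40113 ssh2
Jan 12 03:15:30 srv kernel: SSH_brute_force IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22'

echo "== failures per source =="
printf '%s\n' "$SAMPLE_LOG" | ssh_failures_by_ip
echo "== rules for sources with >= 3 failures =="
printf '%s\n' "$SAMPLE_LOG" | block_rules 3

# Real use: ssh_offenders 10 < /var/log/messages
```

The rules are printed rather than executed on purpose: review the list first, since a mistyped threshold or a colleague who forgot a password would otherwise lock out a legitimate address. With the sshd_config above in place the password failures stop appearing anyway, and what remains in the log is the firewall's own SSH_brute_force lines.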

Key management:

When I once again forgot which key belonged to which server, I realized it would be much easier to manage the keys with a script. The following shell script does the job: it generates a key pair per server, pushes the public key to that server and lets you connect to the server with the matching private key. The file names say id_dsa for historical reasons only; OpenSSH 7.0 and later refuse DSA keys by default, so let ssh-keygen pick its default type or pass -t ed25519.

#!/bin/bash
# Per-server SSH key helper: one key pair per target host, named after it.
while true; do
    echo "Generate key ... 1"
    echo "Push key ... 2"
    echo "Server connect ... 3"
    echo "Exit ... x"
    printf ": "
    read option
    case $option in
    1)
        echo "Generating key"
        printf "Target srvr: "
        read remotebox
        if [ -f ~/.ssh/id_dsa_"$remotebox" ]; then
            echo "WARNING: ~/.ssh/id_dsa_$remotebox exists - giving up."
        else
            # writes id_dsa_$remotebox (private) and id_dsa_$remotebox.pub
            ssh-keygen -f ~/.ssh/id_dsa_"$remotebox"
        fi
        sleep 8
        ;;
    2)
        echo "Pushing key"
        printf "Target srvr: "
        read remotebox
        printf "Target user: "
        read user
        echo "Using id_dsa_$remotebox.pub"
        if ! ls -la ~/.ssh/id_dsa_"$remotebox".pub 2>/dev/null; then
            echo "Problem with a key"
            sleep 5
            continue
        fi
        # append the public key remotely, creating ~/.ssh with safe permissions
        # first (2>/dev/null rather than &>: the remote login shell may not be bash)
        cat ~/.ssh/id_dsa_"$remotebox".pub | ssh "$user@$remotebox" \
            "(mkdir .ssh 2>/dev/null; chmod 700 .ssh && cat - >> .ssh/authorized_keys) && chmod 600 .ssh/authorized_keys"
        sleep 5
        echo "Please edit the following options in /etc/ssh/sshd_config"
        echo "AllowUsers $user"
        echo "PermitRootLogin no"
        echo "PubkeyAuthentication yes"
        echo "PasswordAuthentication no"
        echo "ChallengeResponseAuthentication no"
        echo "X11Forwarding no"
        echo "Press [enter]"
        read dummy
        ;;
    3)
        printf "Target srvr: "
        read remotebox
        printf "Target user: "
        read user
        ssh -l "$user" -i ~/.ssh/id_dsa_"$remotebox" "$remotebox"
        ;;
    x)
        echo "Quit"
        exit 0
        ;;
    *)
        echo "Wrong"
        ;;
    esac
done
