[sllug-members]: Securing SSHD

James Helsby cyanics at xmission.com
Wed Mar 8 13:36:03 MST 2006

After having tons of fun with several hack attempts over the weekend,
and the reverse traces conducted thereafter, I am curious about what
the group recommends. Here is the setup.

I run 2 servers, both with Core 4 behind firewalls with only 2 ports
open (ssh and vnc). I have been up until now just running SSHD across
the standard port 22, for simplicity. But after the weekend's 6-hour brute
force attack, I have made several changes.

1) DenyHosts runs every 5 minutes
2) Changed port from 22 to an ambiguous higher number
3) Permit myself ONLY as a valid user for sshd.

Does the group think this is sufficient protection? What other methods
of protection do you guys recommend? Anyone have a nice little "hey, you
are being hacked" alerter script in use to notify you of an attack? What
about local experiences with attacks?

Cheers, JH
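
Added example, not part of the original post: one way to build the kind of alerter asked about above, flagging any source address that reaches a threshold of failed sshd password attempts inside a sliding time window. The log lines, host name, user names and addresses are constructed, and the threshold, window and assumed year are illustrative choices.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH syslog line for a failed password, including the "invalid user"
# variant logged when the account does not exist.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

# Constructed sample input (documentation address ranges, made-up users).
SAMPLE_LOG = """\
Mar  5 02:14:01 host sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Mar  5 02:14:03 host sshd[4103]: Failed password for root from 192.0.2.10 port 40130 ssh2
Mar  5 02:14:06 host sshd[4105]: Failed password for invalid user test from 192.0.2.10 port 40141 ssh2
Mar  5 02:14:08 host sshd[4107]: Failed password for root from 192.0.2.10 port 40150 ssh2
Mar  5 02:14:11 host sshd[4109]: Failed password for invalid user guest from 192.0.2.10 port 40163 ssh2
Mar  5 02:20:00 host sshd[4200]: Failed password for jh from 198.51.100.7 port 51000 ssh2
Mar  5 02:20:30 host sshd[4201]: Accepted password for jh from 198.51.100.7 port 51002 ssh2
""".splitlines()

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=5), year=2006):
    """Return {ip: (first_alert_time, users_tried)} for each source that
    reaches `threshold` failures inside a sliding `window`."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    users = defaultdict(set)      # ip -> every username that source attempted
    alerts = {}                   # ip -> time the threshold was first reached
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and other daemons are ignored
        # Classic syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        users[ip].add(m["user"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = ts
    return {ip: (ts, sorted(users[ip])) for ip, ts in alerts.items()}

if __name__ == "__main__":
    for ip, (when, tried) in find_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {when} {ip} tried: {', '.join(tried)}")
```

A single mistyped password from a legitimate address stays below the threshold, so it does not alert; the function takes any iterable of lines, so an open log file can be passed in place of the sample.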
