[sllug-members]: Securing SSHD
cyanics at xmission.com
Wed Mar 8 13:36:03 MST 2006
After having tons of fun with several hack attempts over the weekend,
and the reverse traces conducted thereafter, I am curious about what
the group recommends. Here is the setup.
I run 2 servers, both with Core 4 behind firewalls with only 2 ports
open (ssh and vnc). I have been up until now just running SSHD across
the standard port 22, for simplicity. But after the weekend's 6-hour brute
force attack, I have made several changes.
1) DenyHosts runs every 5 minutes
2) Changed port from 22 to an ambiguous higher number
3) Permit myself ONLY as a valid user for sshd.
Does the group think this is sufficient protection? What other methods
of protection do you guys recommend? Anyone have a nice little "hey, you
are being hacked" alerter script in use to notify you of an attack? What
about local experiences with attacks?
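
An added example, not part of the original post: a minimal version of the kind of alerter the message asks about, flagging source addresses that produce a burst of failed sshd password attempts. It assumes the standard OpenSSH "Failed password" syslog lines (for example in /var/log/secure), chronological input, and a hypothetical threshold of 5 failures in 5 minutes; the log lines and addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the syslog format OpenSSH logs to (e.g. /var/log/secure).
SAMPLE_LOG = """\
Mar  4 02:14:01 host1 sshd[4021]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Mar  4 02:14:03 host1 sshd[4023]: Failed password for root from 192.0.2.10 port 40118 ssh2
Mar  4 02:14:06 host1 sshd[4025]: Failed password for invalid user test from 192.0.2.10 port 40125 ssh2
Mar  4 02:14:09 host1 sshd[4027]: Failed password for root from 192.0.2.10 port 40131 ssh2
Mar  4 02:14:12 host1 sshd[4029]: Failed password for invalid user guest from 192.0.2.10 port 40140 ssh2
Mar  4 09:30:00 host1 sshd[5100]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar  4 09:30:20 host1 sshd[5100]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Mar  4 17:45:10 host1 sshd[6200]: Failed password for alice from 198.51.100.7 port 52210 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def parse_failures(lines, year=2006):
    """Yield (timestamp, ip, user) per failed attempt; syslog omits the year, so it is assumed."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def find_bursts(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: usernames tried} for sources with >= threshold failures inside one window."""
    recent = defaultdict(list)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)     # ip -> every username that source attempted
    flagged = set()
    for ts, ip, user in parse_failures(lines):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while ts - q[0] > window:    # drop attempts older than the sliding window
            q.pop(0)
        if len(q) >= threshold:
            flagged.add(ip)
    return {ip: sorted(users[ip]) for ip in flagged}

if __name__ == "__main__":
    for ip, names in find_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT: {ip} failed logins as {', '.join(names)}")
```

Run from cron against the real log and piped to mail, this gives a notification per offending address; the two isolated failures from the second address stay below the threshold and are not reported.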