I've been seeing a marked increase in sshd attacks from China, on my home

You might all want to take a look at your /var/log/auth.log or
/var/log/secure and see what kind of action y'all are getting.

The common one seems to be root that they try for, so make sure you have
PermitRootLogin set to no. Other faves are git, admin and other common
system ids. As I have a very static number of users on my system, I used
AllowedUsers in my sshd_config to further lock it down.

And if you like SSH'ing to root for some reason, you can restrict it by
IP, like so:

    Match Address 10.*

Finally, I picked up this little iptables snippet online, for those of you
who haven't moved to firewalld yet, for really clamping down on failed

    # Accept new SSH connections only while the source IP is within
    # the hashlimit budget (1 per hour, burst of 2).
    iptables -A INPUT -p tcp -m tcp --dport 22 -m state \
      --state NEW -m hashlimit --hashlimit 1/hour \
      --hashlimit-burst 2 --hashlimit-mode srcip \
      --hashlimit-name SSH --hashlimit-htable-expire 60000 \
      -j ACCEPT
    # Drop any further SYN to port 22 from sources over the limit.
    iptables -A INPUT -p tcp -m tcp --dport 22 \
      --tcp-flags SYN,RST,ACK SYN -j DROP
    iptables -A INPUT -p tcp -m state \
      --state NEW -m tcp --dport 22 -j ACCEPT
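
One way to do the log check suggested above, as an added example that is not part of the original post: it counts failed sshd password attempts per targeted user or per source address. It assumes the classic syslog format of OpenSSH "Failed password for" lines; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count failed sshd password attempts per user or source IP.

# ssh_fail_counts <user|ip> <logfile>  ->  "count value" lines, busiest first
ssh_fail_counts() {
    awk -v want="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # Scan from the end of the line: the real trailer is
            # "from <ip> port <n> ssh2", so a crafted username that
            # contains the word "from" cannot shift the fields.
            for (i = NF - 2; i > 1; i--)
                if ($i == "from" && $(i + 2) == "port") {
                    key = (want == "ip") ? $(i + 1) : $(i - 1)
                    n[key]++
                    break
                }
        }
        END { for (k in n) print n[k], k }
    ' "$2" | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation addresses), not real log data.
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 02:14:07 host sshd[1234]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 02:14:09 host sshd[1234]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 02:14:11 host sshd[1236]: Failed password for invalid user git from 203.0.113.5 port 51236 ssh2
Mar  3 02:15:00 host sshd[1240]: Failed password for invalid user admin from 198.51.100.7 port 40000 ssh2
Mar  3 02:15:04 host sshd[1241]: Failed password for root from 198.51.100.7 port 40002 ssh2
Mar  3 02:16:00 host sshd[1250]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
EOF
}

log=$(mktemp)
trap 'rm -f "$log"' EXIT
write_sample_log "$log"
echo "Targeted users:";   ssh_fail_counts user "$log"
echo "Source addresses:"; ssh_fail_counts ip "$log"
```

On a real host, pass /var/log/auth.log or /var/log/secure as the second argument; reading those files normally requires root.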