  1. #1
    Join Date
    Jun 2001
    Location
    Gilroy CA.
    Posts
    466

    SSH Password Hackers

    Running Linux - FC4 - looking for a security utility so that if someone does a dictionary attack trying to hack into SSH, after a number of failed attempts it locks them out.

    What do people use for this and hacker prevention in general?
    Marc Perkel
    /root
    http://www.junkemailfilter.com

  2. #2
    Join Date
    Feb 2003
    Location
    CT
    Posts
    481
    APF will do this for you at the firewall level.

  3. #3
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,080
    Actually BFD and APF will do this. BFD monitors the logs and after a few password guesses it will block the person in the APF firewall.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service
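The log-watching step described in post #3, sketched as an added example (this is not BFD's own code and not part of any post): it counts failed password attempts per source address in sshd syslog lines and lists the addresses at or above a threshold. The function names and the sample log are constructed for illustration; the line format is the standard OpenSSH "Failed password for ... from ADDRESS port N ssh2" message.

```shell
#!/bin/sh
# Added example: list source addresses with >= N failed SSH password attempts.
# Reads sshd syslog lines on stdin; prints "<count> <address>", highest first.
failed_ssh_sources() {
    awk -v limit="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the remote side and may itself contain
            # " from <address> port ", so read the address by its position from
            # the END of the line: "... from <address> port <n> ssh2".
            if (NF >= 5 && $(NF-4) == "from" && $(NF-2) == "port")
                count[$(NF-3)]++
        }
        END {
            for (ip in count)
                if (count[ip] >= limit) print count[ip], ip
        }' | sort -rn
}

# Constructed sample log (documentation address ranges, made-up users).
# The fourth line carries a user name crafted to look like another source.
sample_log() {
    cat <<'EOF'
Oct 12 03:14:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 12 03:14:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Oct 12 03:14:05 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Oct 12 03:14:09 host sshd[2107]: Failed password for invalid user x from 192.0.2.10 port 1 from 203.0.113.7 port 40140 ssh2
Oct 12 03:15:30 host sshd[2111]: Accepted password for alice from 198.51.100.4 port 51000 ssh2
Oct 12 03:16:02 host sshd[2115]: Failed password for alice from 198.51.100.4 port 51022 ssh2
EOF
}

# Addresses with three or more failures in the sample.
sample_log | failed_ssh_sources 3
```

Parsing the address from the end of the line matters because a blocker that trusts the first "from" in the message can be steered into blocking an address that never connected.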

  4. #4
    Join Date
    Feb 2003
    Location
    CT
    Posts
    481
    Originally posted by eth00
    Actually BFD and APF will do this. BFD monitors the logs and after a few password guesses it will block the person in the APF firewall.
    D'oh, right. Forgot about the BFD part. Thanks for correcting that.

  5. #5
    Join Date
    Jun 2001
    Location
    Gilroy CA.
    Posts
    466
    Where do I get these APF and BFD packages? Is there an RPM for them?
    Marc Perkel
    /root
    http://www.junkemailfilter.com

  6. #6
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,080
    www.rfxnetworks.net has the files; they are very easy to run. If you do a quick search on Google there are a lot of guides.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  7. #7
    Join Date
    Feb 2003
    Location
    CT
    Posts
    481

  8. #8
    Join Date
    Jul 2002
    Location
    Malaysia
    Posts
    698
    Other than downloading APF and BFD, you might also consider changing your SSH default port 22 to another port and setting it to listen on a specific IP address. Remember also to set your SSH to listen on Protocol 2 only (by default both Protocol 1 and 2 are set).

  9. #9
    Join Date
    May 2005
    Posts
    48
    Change the SSH port

    and don't allow direct root login over SSH.

    Have a good time.
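The settings suggested in posts #8 and #9 (non-default port, a specific listen address, Protocol 2 only, no direct root login), as an added example that is not part of any post: a small audit that reads an sshd_config on stdin and warns about each setting still at its default. The function names, sample configs, port 2222 and address 192.0.2.15 are constructed; the assumed defaults are those of the OpenSSH versions of this thread's era.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config read from stdin.
# Assumed defaults (OpenSSH of this era): Port 22, all addresses,
# Protocol 2,1, PermitRootLogin yes.
audit_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            key = tolower($1); val = tolower($2) # keywords are case-insensitive
            if (key == "match") exit             # Match blocks are conditional, stop
            if (key == "port") { ports++; if (val == "22") port22 = 1 }  # may repeat
            else if (key == "listenaddress") listen++                    # may repeat
            else if (!(key in conf)) conf[key] = val                     # first value wins
        }
        END {
            if (!ports || port22) print "WARN port: listening on default port 22"
            if (!listen) print "WARN listenaddress: listening on every address"
            if (conf["protocol"] != "2") print "WARN protocol: protocol 1 still allowed"
            if (conf["permitrootlogin"] != "no") print "WARN permitrootlogin: root can log in directly"
        }'
}

# Constructed sample: stock-style config with everything left at the defaults.
weak_config() {
    cat <<'EOF'
#Port 22
Protocol 2,1
#PermitRootLogin yes
EOF
}

# Constructed sample: the changes suggested in the thread applied.
hardened_config() {
    cat <<'EOF'
Port 2222
ListenAddress 192.0.2.15
Protocol 2
PermitRootLogin no
EOF
}

echo "weak:";     weak_config     | audit_sshd_config
echo "hardened:"; hardened_config | audit_sshd_config
```

Commented-out lines in a stock config only document the default, so the audit treats them as absent.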

  10. #10
    Join Date
    Nov 2004
    Location
    Dallas
    Posts
    739
    BFD has worked excellently for me, and I really recommend it for you; changing the port also works. If you use these 2 together with a hard-to-guess password, your server will be more secure.

  11. #11
    Join Date
    Jun 2001
    Location
    Gilroy CA.
    Posts
    466
    I'll install those packages. Any config tricks I should know about?
    Marc Perkel
    /root
    http://www.junkemailfilter.com

  12. #12
    Originally posted by loverboy
    Change the SSH port

    and don't allow direct root login over SSH.

    Have a good time.
    I've seen people say that before. For a Linux beginner, can you tell me why it's beneficial not to allow people to log in as root directly?

  13. #13
    Join Date
    Nov 2002
    Location
    Under the sea
    Posts
    4,208
    Originally posted by monkjack
    I've seen people say that before. For a Linux beginner, can you tell me why it's beneficial not to allow people to log in as root directly?
    Because then someone has to guess what your root login is as well as your root password, instead of automatically knowing the root login is root, which is very insecure, and frankly I don't see why anybody keeps root as the main root login nowadays.

  14. #14
    Join Date
    Jun 2001
    Location
    Gilroy CA.
    Posts
    466
    Do you mean to rename the root user to someone else, Adam?
    Marc Perkel
    /root
    http://www.junkemailfilter.com

  15. #15
    Join Date
    Jan 2002
    Location
    Scotland
    Posts
    918
    Bear in mind BFD by default runs on an 8-minute cron job; a lot of attempts can be made in 8 minutes.

    2) Installation:
    There is an included 'install.sh' script that installs all files to
    '/usr/local/bfd/' and places a 8-minute cronjob in '/etc/cron.d/bfd'. The setup is really as simple as that.
    As others have said, moving SSH access away from port 22 is the easiest and probably most effective thing you can do to thwart the majority of the attempts you see.
    Nil illegitimi carborundum
    I'm getting old and don't do drugs. I get the same effect just standing up fast.

  16. #16
    Join Date
    Sep 2003
    Location
    Washington, USA
    Posts
    3,219
    Moving SSH to a non-standard port is a good idea. We do that for all of our servers in which no SSH access is allowed. Get BFD installed from rfxnetworks as well as LogWatch. LogWatch will e-mail you daily reports of your server, including attempts made to log in via SSH (successful and unsuccessful login attempts).
    SHAW NETWORKS Simple. Professional. Reliable. Web Hosting Done Right.
    Low Cost & Award-Winning: cPanel Reseller Plans 24/7/365 Live Technical Support
    Website: www.shawnetworks.com Fast Response E-mail: sales @ shawnetworks.com
    Sick of downtime? Fed up with excuses? Drop your host! Switch to Shaw Networks.
