Koozali.org: home of the SME Server

[Howto] block SSH Attacks

Quail_Linux

[Howto] block SSH Attacks
« on: July 26, 2005, 12:14:24 PM »
The SSH attacks that are doing the rounds have already been mentioned here a number of times in the past.

Nice Perl script here to counter the problem:
http://www.lumiere.net/~j/login_sentry/

# description:
# Perl daemon that automatically adds hosts that \
# repeatedly fail ssh login attempts to /etc/hosts.deny.

Brenno

[Howto] block SSH Attacks
« Reply #1 on: July 26, 2005, 03:38:15 PM »
Seems like a great tool!  Anybody tried this yet?  (I hate being the first to get my feet wet as I'm not the best "swimmer" when it comes to fixing problems!)

BrunoGarin

[Howto] block SSH Attacks
« Reply #2 on: July 26, 2005, 10:10:38 PM »
Hummm ... ???

I don't know if this is very useful because on SME the hosts.deny file is already firmly closed

all: all

What more do you need ... ?

gordonr

Re: [Howto] block SSH Attacks
« Reply #3 on: July 27, 2005, 03:17:11 AM »
Quote from: "Quail_Linux"

# Perl daemon that automatically adds hosts that \
# repeatedly fail ssh login attempts to /etc/hosts.deny.


- Only use SSH public key authentication - avoid password authentication
- Use SSH protocol version 2
- Limit the hosts which can access the SSH port to only those ones you care about:

http://forums.contribs.org/index.php?topic=27855.msg115824#msg115824

- Active intervention scripts, such as the one above, have been known to provide avenues for denial of service.
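
A sketch of the technique the quoted description names (counting repeated failed ssh logins per host and producing /etc/hosts.deny entries), added here as an example and not taken from login_sentry or from any poster in this thread. The log lines are constructed, and the `sshd` daemon name, the threshold of 3 and the `never_block` allowlist are assumptions; the allowlist is one guard against the blocker itself denying service to legitimate hosts.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of sshd syslog lines (documentation addresses only).
SAMPLE_LOG = """\
Jul 26 12:14:01 sme sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 26 12:14:03 sme sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jul 26 12:14:05 sme sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Jul 26 12:15:10 sme sshd[2110]: Failed password for rob from 198.51.100.20 port 51515 ssh2
Jul 26 12:15:12 sme sshd[2112]: Failed password for rob from 198.51.100.20 port 51516 ssh2
Jul 26 12:15:14 sme sshd[2114]: Failed password for rob from 198.51.100.20 port 51517 ssh2
Jul 26 12:16:00 sme sshd[2120]: Accepted publickey for rob from 198.51.100.20 port 51520 ssh2
Jul 26 12:17:30 sme sshd[2130]: Failed password for root from 192.0.2.99 port 33001 ssh2
"""

# Anchored at end of line so only the address field sshd logged is captured.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh2)?$")

def failed_sources(log_text):
    """Count failed password attempts per validated source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # not an IP literal: never write it to hosts.deny
    return counts

def deny_lines(log_text, threshold=3, never_block=("198.51.100.0/24",)):
    """Return hosts.deny entries for sources at or over the threshold.

    never_block is a hypothetical allowlist of admin networks; skipping it
    keeps the blocker from locking out the people who run the server.
    """
    trusted = [ipaddress.ip_network(n) for n in never_block]
    out = []
    for addr, n in sorted(failed_sources(log_text).items(), key=lambda kv: str(kv[0])):
        if n >= threshold and not any(addr in net for net in trusted):
            out.append(f"sshd: {addr}")
    return out

if __name__ == "__main__":
    print("\n".join(deny_lines(SAMPLE_LOG)))
```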

mackayr

[Howto] block SSH Attacks
« Reply #4 on: July 29, 2005, 05:13:01 PM »
I'd like to secure my SSH port to those that are in a particular range.  What is the syntax for this?  For example, say that I want to allow access from any user in the range XXX.XXX.XXX.5 - XXX.XXX.XXX.58.  How would this be written (aside from making each entry separately)?

Thanks,

Rob