a_bertrand Posted February 3, 2009 Share Posted February 3, 2009 Hi, If you rent a VPS or a dedicated server or you have your own server connected to Internet, you should make sure nobody can break into your system simply by trying all sort of username/password. On relatively easy way to do so, is to install an additional pam_module: pam_abl -> http://www.hexten.net/wiki/index.php/Pam_abl Now to configure it check this site: http://www.ducea.com/2006/06/29/using-pam-to-block-brute-force-attacks/ Make sure the" auth required /lib/security/pam_abl.so ..." is above the remaining auth parts of your PAM SSH config or it will not work. This will not prevent the attacker to try... simply it will never work after the module detected a brute force attack, even with the correct password! After X days (you can configure it) the blocked list is cleaned, and things are back to normal. You may also check this site: http://rhcelinuxguide.wordpress.com/2006/06/01/autoblock-ips-with-failed-ssh-logins/ As there, you will find also some explanation how to block completely the IP of the "hacker" so that he/she cannot reach your server anymore. See you soon for some more SysAdmin work! (thanks mdshare to point me to the right place ;-) ) Quote Link to comment Share on other sites More sharing options...
Dave Posted February 3, 2009 Share Posted February 3, 2009 Re: Improve security against brute force SSH attacks Surely CSF does the same thing? 5 incorrect passwords and that IP get blocked. Quote Link to comment Share on other sites More sharing options...
a_bertrand Posted February 3, 2009 Author Share Posted February 3, 2009 Re: Improve security against brute force SSH attacks CSF -> Linux Firewall software? And this pam module has the advantage first to not be visible from outside, second that it doesn't use any cron or special script to check your logs... It's simply called for each ssh your server get. So for me this is the best option. Quote Link to comment Share on other sites More sharing options...
Dave Posted February 3, 2009 Share Posted February 3, 2009 Re: Improve security against brute force SSH attacks CSF -> Linux Firewall software? And this pam module has the advantage first to not be visible from outside, second that it doesn't use any cron or special script to check your logs... It's simply called for each ssh your server get. So for me this is the best option. Ok i will stay with CSF :) thanks for the info on this tho Quote Link to comment Share on other sites More sharing options...
Guest Anonymous Posted February 3, 2009 Share Posted February 3, 2009 Re: Improve security against brute force SSH attacks Thanks A, this looks like a better solution to my current (python based) system. Quote Link to comment Share on other sites More sharing options...
a_bertrand Posted February 4, 2009 Author Share Posted February 4, 2009 Re: Improve security against brute force SSH attacks NP, some times there is so many possible solutions that you just find one which may not be the best one. Or some time a better solution appear after you already installed something... A server move is for me a good excuse to check what exists :-D Quote Link to comment Share on other sites More sharing options...
daryy Posted February 4, 2009 Share Posted February 4, 2009 Re: Improve security against brute force SSH attacks ME too!!thanks for the info on this topic! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.