Just to follow up on various very good suggestions, the best of them definitely being to
disallow root login, I have included below what I've done to secure sshd:
1. On my gateway running NAT I have mapped a non-standard port to be forwarded to my server's ssh port, so that the normal script-kiddies don't get a hit on port 22 off the bat
2. On my server (running ssh) I have included the following statements in iptables to limit ssh to
allow only one new ssh connection every 30 seconds:
Code:
# Drop a NEW connection to port 22 if the source address was seen within the last 25 seconds
# (--update refreshes the timestamp, so a client that keeps retrying stays blocked)
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -m recent --update --seconds 25 -j DROP
# Otherwise record the source address in the "recent" list and accept the connection
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -m recent --set -j ACCEPT
3. In /etc/ssh/sshd_config I have made a number of changes (comments placed on their own lines, since sshd rejects trailing comments as "garbage at end of line"):
Code:
# Changed from "Protocol 2,1" - allow only SSH v2, which is more secure
Protocol 2
# NEVER EVER log in as root - as addressed by previous thread writers
PermitRootLogin no
# Changed from the default of 5
MaxAuthTries 2
# Only one username, which is un-guessable (and has a STRONG password)
AllowUsers nnnn
IgnoreRhosts yes
PermitEmptyPasswords no
4. Check your /var/log/messages frequently
and if you're very security conscious:
5. Install a port-blocker that reads your logs and automagically reprograms iptables to lock out the offending addresses if someone tries to break in.
See
http://daemonshield.sourceforge.net/ or
http://www.simonzone.com/software/guarddog/ for examples, though there are many more programs available too.
-Y1
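As an added illustration of step 5 (not part of the post above, and not the code of the linked port-blockers), here is a minimal log-driven blocker in Python: it counts failed or invalid sshd logins per source address in the constructed syslog sample below and returns the iptables DROP rules it would apply, skipping an allowlist of trusted addresses. The threshold, allowlist and log format are assumptions; real blockers also expire their rules after a timeout.

```python
import re
from collections import Counter

# Constructed sample lines in /var/log/messages (syslog) format; these are
# made-up entries using documentation addresses, not taken from any real host.
SAMPLE_LOG = """\
Mar 10 04:12:01 gw sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Mar 10 04:12:03 gw sshd[2212]: Failed password for invalid user oracle from 203.0.113.5 port 40130 ssh2
Mar 10 04:12:06 gw sshd[2213]: Failed password for root from 203.0.113.5 port 40141 ssh2
Mar 10 04:12:09 gw sshd[2214]: Failed password for nnnn from 198.51.100.7 port 51001 ssh2
Mar 10 04:12:15 gw sshd[2215]: Accepted password for nnnn from 198.51.100.7 port 51001 ssh2
Mar 10 04:12:20 gw sshd[2216]: Invalid user test from 203.0.113.5 port 40150
"""

# Matches the two common sshd failure messages and captures the source IPv4 address.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3})"
)

def count_failures(log_text):
    """Return {source_ip: number of failed/invalid sshd login lines}."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def block_rules(log_text, threshold=3, allowlist=()):
    """Build one iptables DROP rule per source at or above `threshold` failures,
    skipping addresses on the allowlist (e.g. your own gateway) so a typo in
    your own password never locks you out."""
    rules = []
    for ip, n in sorted(count_failures(log_text).items()):
        if n >= threshold and ip not in allowlist:
            rules.append(f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP")
    return rules

if __name__ == "__main__":
    # Dry run: print the rules instead of executing them. A real blocker would
    # tail the log, run each rule as root and remove it again after a timeout.
    for rule in block_rules(SAMPLE_LOG, threshold=3, allowlist={"198.51.100.7"}):
        print(rule)
```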