LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-13-2006, 11:16 PM   #1
whovian
LQ Newbie
 
Registered: Jul 2005
Location: Lock Haven, PA, USA
Distribution: Redhat 7.3, 9 and Fedora 3
Posts: 9

Rep: Reputation: 0
stopping dictionary attacks


I was just checking some of my admin logs on my Redhat 9 server and I noticed that it looks like multiple people have been trying dictionary type attacks via ssh. It's kind of unnerving. I was wondering if anyone knows a way of stopping this?

Thanks for any help.
 
Old 07-13-2006, 11:58 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Sure, but that depends on your situation.

1. If your regular customers log on from the same networks consistently, filter unwanted login attempts with netfilter and/or tcp_wrappers. Problem solved.

2. If your regular customers log on from the same machines consistently, enable pubkey authentication and disable all other authentication. Problem solved.

I recommend #1 or #2, or both.

3. If you can't do #1 or #2, move sshd to listen on a different port (e.g. 123). This is a sucky security measure, though, and will only stop the script kiddies.

4. If you can't do #1, #2, or #3, then make sure your users have strong passwords. You can enforce this with John or some such.
 
Old 07-14-2006, 12:06 AM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670
You might create a group for users who are authorized to use ssh, and use that group name in the /etc/ssh/sshd_conf configuration file. This should disallow all other users and groups. You may want to check the man sshd_conf manpages to double check. If you have the users in AllowUsers instead that would be fine also. AllowUsers trumps AllowGroups. If you want to use AllowGroups instead of AllowUsers, make sure that AllowUsers is commented out, because a user not listed AllowUsers will be denied access even if they are a member of a group in AllowGroups.

This is a suggestion for another layer of security rather than a replacement for the previous suggestions.
 
Old 07-14-2006, 04:02 AM   #4
spooon
Senior Member
 
Registered: Aug 2005
Posts: 1,755

Rep: Reputation: 49
also consider installing denyhosts
 
Old 07-14-2006, 04:12 AM   #5
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Or ... blockhosts


Cheers,
Tink
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Better dictionary for gnome-dictionary? General Linux - Software 4 08-21-2006 11:39 PM
LXer: Preventing SSH Dictionary Attacks With DenyHosts LXer Syndicated Linux News 0 02-19-2006 12:01 PM
Stopping span that are dictionary attacks PDT816 Linux - Security 11 11-10-2004 03:21 PM
Stopping Rumpelstiltskin Attacks? slack66 Linux - Security 6 06-25-2004 12:50 PM
IP attacks sundarrnathan Linux - Security 1 06-04-2003 06:33 AM


All times are GMT -5. The time now is 02:36 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration