Secure SSH - How To

[tuxituk]

Quote:

Originally Posted by cjcox

On Tue, 2009-11-03 at 22:56 +0000, tuxituk wrote:[color=blue]

Sadly, the ssh client historically uses LOWERCASE -p whereas
the scp program uses UPPERCASE -P. Just an fyi...

.

Yep cheers for the feedback and the spot! Embarrassing typo.

[cjcox]

Jim Henderson wrote:
> On Thu, 05 Nov 2009 22:05:41 +0000, cjcox wrote:
>
>> Hmmm... I'd say reducing your log sizes by literraly GIGABYTES daily is
>> a good thing... yes??
>
> GB? That would seem to indicate a bad logrotate policy to me.

Possibly. But probably NOT just a logrotate policy, but we could
take the logs during the day and somehow shuttle them
off somewhere... but when you're dealing with this much data,
it's a difficult problem no matter how you slice it up.

(which is why I love solutions that try to reduce the volume
of data to begin with).

[hendersj]

On Sat, 07 Nov 2009 21:34:32 +0000, Chris Cox wrote:

> Jim Henderson wrote:
>> On Thu, 05 Nov 2009 22:05:41 +0000, cjcox wrote:
>>
>>> Hmmm... I'd say reducing your log sizes by literraly GIGABYTES daily
>>> is a good thing... yes??
>>
>> GB? That would seem to indicate a bad logrotate policy to me.
>
> Possibly. But probably NOT just a logrotate policy, but we could take
> the logs during the day and somehow shuttle them off somewhere... but
> when you're dealing with this much data, it's a difficult problem no
> matter how you slice it up.

Yeah, other things would contribute as well. I've got a kernel module
that gives me a useless message on an OES2 server - in that it doesn't
identify the module that's actually having the problem. I get about 3
messages a second in my logs as a result.

One of these days I'll track it down.

> (which is why I love solutions that try to reduce the volume of data to
> begin with).

You and me alike. :-)

Jim
--
Jim Henderson
openSUSE Forums Moderator

[PVince81]

At some time I also had SSH pointing outside on port 22, and saw a lot of brute force attacks on that port, with a lot of interesting user names.

To fix it I installed an SSH filter. Unfortunately I forgot the name of that tool and can't find it online.

The tool was a wrapper for SSH that will detect brute force attacks, then after a few attempts, it will add the attacker's IP to the firewall blocking rules (iptables) and remove it after a certain elapsed time.

[Dexter1979]

Quote:

Originally Posted by PVince81

To fix it I installed an SSH filter. Unfortunately I forgot the name of that tool and can't find it online.

Is it in this article? Protecting SSH from brute force attacks

I'm no network manager but this is an interesting thread. So after some googling I found the above article. Makes for interesting reading.

[PVince81]

No, I used a different tool. It was back then in 2006.
But it looks like the tools from this article can achieve similar results. Good to know :-)