Announcement

Collapse
No announcement yet.

How to block SSH attacks ?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to block SSH attacks ?

    There aren't enough information available that can help us block SSH attacks. Can someone please suggest ways to avoid such attacks?

  • #2
    Originally posted by Phnx View Post
    There aren't enough information available that can help us block SSH attacks. Can someone please suggest ways to avoid such attacks?
    The best option to block SSH attacks is to run that service on a different port. Also you can install a firewall to block any brute force attacks & restrict SSH access to certain/limited IPs only using the TCPWrappers (hosts.allow)..
    Rock _a.k.a._ Jack Daniel

    Follow eUKhost on Twitter || Join eUKhost Community on Facebook

    Comment


    • #3
      If using WHM, also check the "SSH Password Authorization Tweak".
      Password Authentication is currently disabled, for security reasons it is not recommended that you enable password authentication. If you are unable to ssh into the server please use the 'Manage SSH Keys' feature to generate,import, and/or authorize your keys.

      Comment


      • #4
        Tips to avoid SSH attacks

        Usually changing the Port should be just enough to keep it away from attacks. Furthermore, an SSH key too can work towards enhancing the security. Below is a gist of ways to secure yourselves from SSH attacks:

        i. Limiting ssh to specific networks in ssh config
        ii. Limiting the access to ssh from specific hosts
        iii. Avoiding the use of passwords and opt for keys
        iv. Changing the default ssh port from 22 to any of your choice.
        v. Restricting ssh to particular user accounts.
        vi. If using a password, use a complex password and changing it on a regular basis.
        vii. Ambiguous system access but permitting to login to low privilege accounts and setting up sudo to grant access to a privileged shell and only that.

        Comment


        • #5
          The SSH attacks are based on a very simple concept that is using an automated program for trying many combinations of either standard or frequently used account names and similarly, frequently used passwords. In order to reduce or stop the SSH attacks, you can also try the following:

          1. Use strong passwords
          2. It is very important to have RSA authentication on each machine you login
          3. Make the use of 'IPTABLES' to block the attack
          4. Port knocking is also a very efficient solution over SSH attacks. It completely eliminates the requirement of having SSH listen on an open port

          Comment

          Working...
          X