Tuesday, January 24, 2012

Blocking Intruders From Using SSH

There are a number of ways to achieve this:

Usually you do not need SSH access from outside your network, so close the SSH port (22) on your router. Then no one can reach your system via SSH from outside.
Alternatively, you could use programs like Fail2Ban or DenyHosts. These watch your logs for repeated failed login attempts from the same IP address, then add that IP address to your firewall rules to block any further contact from it.
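To show what Fail2Ban-style tools actually do, here is an added example (not Fail2Ban's or DenyHosts' own code): it scans a constructed auth.log excerpt for sshd "Failed password" lines, counts them per source IP, and reports the addresses that reach a retry threshold inside a time window. The threshold and window parameters are named after Fail2Ban's maxretry and findtime settings; the log lines and year are made up for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of syslog-style sshd lines (not from a real host).
SAMPLE_AUTH_LOG = """\
Jan 24 10:00:01 host sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Jan 24 10:00:04 host sshd[2003]: Failed password for root from 203.0.113.5 port 40130 ssh2
Jan 24 10:00:09 host sshd[2005]: Failed password for root from 203.0.113.5 port 40141 ssh2
Jan 24 10:00:12 host sshd[2007]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2
Jan 24 10:00:20 host sshd[2009]: Failed password for alice from 192.0.2.10 port 51002 ssh2
Jan 24 10:15:30 host sshd[2011]: Failed password for root from 203.0.113.5 port 40199 ssh2
"""

# Matches the failed-password message sshd writes for both known and invalid users.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text, year=2012):
    """Yield (timestamp, ip) for every failed-password line.

    Syslog timestamps carry no year, so one is supplied (assumed here)."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]


def offending_ips(log_text, maxretry=3, findtime_s=600):
    """Return the IPs with >= maxretry failures inside any findtime_s-second window."""
    attempts = defaultdict(list)
    for ts, ip in parse_failures(log_text):
        attempts[ip].append(ts)
    banned = set()
    for ip, stamps in attempts.items():
        stamps.sort()
        start = 0  # left edge of the sliding window
        for end, ts in enumerate(stamps):
            while (ts - stamps[start]).total_seconds() > findtime_s:
                start += 1  # drop failures older than the window
            if end - start + 1 >= maxretry:
                banned.add(ip)
                break
    return banned
```

Fail2Ban would hand each address in the result to a firewall action; the lone failure from 192.0.2.10 never crosses the threshold, so a single mistyped password does not lock a legitimate user out.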
Thirdly, attackers usually assume that SSH runs on the default port 22, so change it to some random number by editing /etc/ssh/sshd_config and setting the Port directive to:

  Port 32145 (just an example)

Now restart sshd with the command service sshd restart. The only disadvantage of this step is that you have to specify the new port number every time you connect using SSH, but you can use an alias to take care of that:

alias newssh='ssh -p 32145' (just an example)

