MXs_369 Posted February 2, 2010 Share Posted February 2, 2010 is there something better then fail2ban to monitor my SSH auth logs from attackers. <other than a hardware firewall no $$ to spend> i got port 22 open and forwarding to the Linux box. just curious if there something or should i stick with what i got witch work fine. Quote Link to comment Share on other sites More sharing options...
Charles Posted February 2, 2010 Share Posted February 2, 2010 The best way to secure an SSH server is to: 1: Don't use port 22 2: Disable root login 3: Disable using SSH1 4: Disable password authorization - use shared keys instead 5: Install fail2ban/denyhosts There's probably something I am missing, but so far I haven't had any problems with anyone getting on my server. Of course, I also locked down the filewall on it (gogo iptables) to only allow access from my local LAN and from 1 specific external IP address, so that's probably part of the security. EDIT: As for me checking my logs.. I don't really do it, since it will only make me feel paranoid. I do run this command sometimes: cat /var/log/auth.log | grep ssh That'll cat yer auth log and filter anything that has ssh in it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.