Jump to content

ssh-fail2ban


MXs_369

Recommended Posts

is there something better then fail2ban to monitor my SSH auth logs from attackers. <other than a hardware firewall no $$ to spend> i got port 22 open and forwarding to the Linux box. just curious if there something or should i stick with what i got witch work fine. :unsure:

Link to comment
Share on other sites

The best way to secure an SSH server is to:

1: Don't use port 22

2: Disable root login

3: Disable using SSH1

4: Disable password authorization - use shared keys instead

5: Install fail2ban/denyhosts

There's probably something I am missing, but so far I haven't had any problems with anyone getting on my server.

Of course, I also locked down the filewall on it (gogo iptables) to only allow access from my local LAN and from 1 specific external IP address, so that's probably part of the security.

EDIT: As for me checking my logs.. I don't really do it, since it will only make me feel paranoid.

I do run this command sometimes:

cat /var/log/auth.log | grep ssh

That'll cat yer auth log and filter anything that has ssh in it.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...