Securing SSH
11 Aug 2010SSH is a great service, however it is open to dictionary attacks that can allow hackers to get access of the server.
One great tool for limiting the success of the dictionary attacks against your ssh services is DenyHosts. This monitoring the authentication logs of your server and if it detects 3 failed logins from an ip address, it adds that ip address to /etc/hosts.deny.
To improve the service further, it has an optional distributed service that will notify you of ip addresses that are actively attempting to login to ssh servers by synchronising with a central server. Therefore you can block an ip address before it even attempts to login to your server.
The only downside of DenyHosts, is useless developers/users of your servers have a tenancy to forget their passwords occasionally and they then get totally blocked from the server, but that can be easily fixed.