[Cialug] denyhosts logging LOTS of attacks
Matthew Nuzum
newz at bearfruit.org
Tue May 13 14:22:08 CDT 2008
On Tue, May 13, 2008 at 1:57 PM, Tim Wilson <tim_linux at wilson-home.com> wrote:
> That's what I thought, until I got hacked 6 years ago. Granted, I did have
> an older ssh, but at the time, it wasn't that old. Now, at the firewall
> level I only allow a certain range of IP addresses access to port 22. Since
> I rarely ssh in from anywhere but home and work, I set it up to allow those
> addresses. If I do need access from another machine, I can always open it
> up temporarily. If I do, I turn on logging so everything gets logged.
>
Another trick is to have only one computer that accepts SSH
connections from the world at large and let it be a "proxy" to the
other machines. If you're using the OpenSSH client you can add a line like
this in your .ssh/config file (assuming gateway.host is the host or IP
of your gateway machine):
Host *.domain.com
    User mnuzum
    ForwardAgent yes
    # ssh replaces %h and %p with the target host and port
    ProxyCommand ssh mnuzum@gateway.host nc -q0 %h %p
If you want to use this config from Windows using Putty I've created
instructions with screen shots and posted them here:
http://bearfruit.org/prolixities/tech/connecting-to-firewalled-hosts-using-putty-ssh
This limits your attack front and makes it easier to secure your
network. You can block all ssh traffic at your firewall/switch except
to that one host.
--
Matthew Nuzum
newz2000 on freenode
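As an added illustration (not part of the post), here is a small Python resolver that emulates how ssh matches `Host` blocks and expands the `%h`/`%p` tokens in a `ProxyCommand` like the one above, plus a check that lists which patterns forward your agent. The config text and hostnames are constructed; `domain.com` and `gateway.host` are placeholders from the post.

```python
import fnmatch
import re

# Constructed ssh_config modelled on the post's snippet; hostnames are placeholders.
SAMPLE_CONFIG = """\
Host *.domain.com
    User mnuzum
    ForwardAgent yes
    ProxyCommand ssh mnuzum@gateway.host nc -q0 %h %p

Host *
    ForwardAgent no
"""

def parse_ssh_config(text):
    """Return (patterns, {option: value}) blocks in file order; options lower-cased."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            current = (value.split(), {})
            blocks.append(current)
        elif current is not None:
            current[1][key.lower()] = value.strip()
    return blocks

def expand_tokens(command, host, port):
    """Expand the %h / %p / %% tokens that ssh substitutes into ProxyCommand."""
    tokens = {"%h": host, "%p": str(port), "%%": "%"}
    return re.sub(r"%[hp%]", lambda m: tokens[m.group(0)], command)

def resolve(blocks, host, port=22):
    """Every matching Host block contributes, but the first value obtained wins."""
    opts = {}
    for patterns, kv in blocks:
        if any(fnmatch.fnmatchcase(host, p) for p in patterns):
            for option, value in kv.items():
                opts.setdefault(option, value)
    if "proxycommand" in opts:
        opts["proxycommand"] = expand_tokens(opts["proxycommand"], host, port)
    return opts

def agent_forwarding_hosts(blocks):
    """Patterns that forward the agent: root on any such host can use your keys."""
    return [p for patterns, kv in blocks
            if kv.get("forwardagent", "").lower() == "yes" for p in patterns]
```

Note that with ProxyCommand the gateway only relays TCP, so the session to the inner host is end-to-end and the agent is forwarded to the inner host, not the gateway; `agent_forwarding_hosts` shows where that exposure lands.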