I currently use IPTABLES on my server, and it currently has no open incoming ports, true stealth etc.
But I was wondering if I could open port 22 for SSH but only for one user, NOT root or any others.
Is this possible?
Most server hacks I've seen are people guessing the root password etc, so if the only person that could SSH to the server EXTERNALLY was... I dunno..... WINBBLE, then there's bugger all chance of them guessing the username, let alone the password (WOBBLE HEHE).
And if you failed to login 5 times running then it would block that IP for a month etc, this would make security nice.
Thoughts?
Dude, read /etc/ssh/sshd_config! You can pretty much do everything you want out of the box by editing sshd's config file: no root login, only certain users, even from certain IPs. More info
If you want to block certain hosts after failed attempts, check this out.
A bus station is where a bus stops.
A train station is where a train stops.
On my desk I have a workstation.
There's the "AllowUsers" keyword that you can put in your sshd_config. You can use it to specify which users are allowed to login using ssh. Have a look at the manpage for more information.
For blocking possible attackers I use the iptables recent module:
iptables -A INPUT -p tcp --syn -i eth0 --dport 22 -m recent --update --seconds 60 --hitcount 3 -j DROP
iptables -A INPUT -p tcp --syn -i eth0 --dport 22 -m recent --set
This will throttle connects and keeps possible attackers away. If someone initiates three connections or more with less than 60 seconds time in between each connect, every packet from his host gets DROPped. But please don't just copy and paste these lines, read the iptables manpage and decide if this is what you want.
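An added example (not code from this thread) that ties the two replies together: a small POSIX shell check for the sshd_config directives mentioned above (PermitRootLogin, AllowUsers), plus the recent-module throttle written out with the ACCEPT rule that the two-line snippet leaves implicit. The sample config files and the user name "wibble" are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. Two pieces:
#  1. check_sshd_hardening: does an sshd_config disable root login and
#     restrict logins with AllowUsers, as the replies recommend?
#  2. ssh_throttle_rules: the recent-module throttle from the reply above,
#     completed with the ACCEPT rule for SYNs that are not being throttled.
# The sample config files and the user name "wibble" are constructed.

# sshd uses the FIRST value it finds for a keyword and matches keywords
# case-insensitively, so do the same. Returns 0 when both settings are set.
check_sshd_hardening() {
    cfg="$1"
    root_login=$(awk 'tolower($1)=="permitrootlogin" {print tolower($2); exit}' "$cfg")
    allow_users=$(awk 'tolower($1)=="allowusers" {$1=""; print; exit}' "$cfg")
    [ "$root_login" = "no" ] || return 1   # anything but "no" still lets root try
    [ -n "$allow_users" ] || return 1      # no AllowUsers means every account may try
    return 0
}

# Echo (rather than run, so no root is needed) the throttle rules.
# Once a source has been seen 3 times within 60 s on port 22, further SYNs
# from it are dropped; otherwise the SYN is recorded in the "SSH" list and
# accepted. --name keeps this list separate from other recent-based rules.
ssh_throttle_rules() {
    cat <<'EOF'
iptables -A INPUT -p tcp --syn -i eth0 --dport 22 -m recent --name SSH --update --seconds 60 --hitcount 3 -j DROP
iptables -A INPUT -p tcp --syn -i eth0 --dport 22 -m recent --name SSH --set -j ACCEPT
EOF
}

# Constructed sample configs: a permissive one and a hardened one.
SAMPLE_DIR=$(mktemp -d)
printf 'Port 22\nPermitRootLogin yes\n' > "$SAMPLE_DIR/permissive.conf"
printf 'Port 22\npermitrootlogin no\nAllowUsers wibble\n' > "$SAMPLE_DIR/hardened.conf"

for f in permissive hardened; do
    if check_sshd_hardening "$SAMPLE_DIR/$f.conf"; then
        echo "$f.conf: root login off and AllowUsers set"
    else
        echo "$f.conf: NOT hardened"
    fi
done
ssh_throttle_rules
```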