Mailinglist Archive: opensuse (1570 mails)

Re: [opensuse] Coordinated, distributed ssh attacks?
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Mon, 05 Oct 2009 14:36:12 +0200
  • Message-id: <hacp7t$cko$1@xxxxxxxxxxxxxxxx>
Joop Beris wrote:

On Saturday 03 October 2009 17:16:09 Per Jessen wrote:

I've just remembered the only drawback - using rsync, scp and others
who use ssh under the covers does become a little tiresome, but I
think both rsync and scp have environment variables that'll set a
usable default so you don't have to specify the new port all the
time.

Fail2ban is your friend:
http://www.fail2ban.org/wiki/index.php/Main_Page

IMHO, that solution is much easier implemented with three iptables rules
or by using the standard openSUSE firewall as described by Andreas
Jaeger. Besides, fail2ban suffers from the same weakness that this
attack was clearly designed to abuse.

I use it to protect my home server against SSH and Apache attacks.
Works like a charm and I don't have to use the "security through
obscurity" approach by running my ssh daemon on a different port.
Sure, it will stop scripted attacks, but it breaks rsync et al.

See other postings in this thread - rsync, scp et al. are not a problem,
you can configure the port on a host-by-host basis
in /etc/ssh/ssh_config. Works very well.


/Per

--
Per Jessen, Zürich (16.2°C)
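
Added example, not part of the original message or of fail2ban: a sketch of why per-source counting misses a coordinated, distributed attack, assuming that is the weakness referred to above (the message does not spell it out). The log lines are constructed, and the `maxretry`/`findtime` values and the per-account thresholds are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def sample_log():
    """Constructed data: 20 sources, each trying 'root' twice, 30 s apart."""
    start = datetime(2009, 10, 3, 17, 0, 0)
    lines = []
    for i in range(40):
        t = start + timedelta(seconds=30 * i)
        lines.append(f"Oct {t.day:2d} {t:%H:%M:%S} host sshd[1234]: Failed "
                     f"password for root from 203.0.113.{i % 20 + 1} port 40000 ssh2")
    return lines

def parse(lines, year=2009):
    """Return (time, user, source) tuples; syslog omits the year, so it is assumed."""
    events = []
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((when, m.group(2), m.group(3)))
    return events

def per_ip_bans(events, maxretry=5, findtime=600):
    """Per-source view: flag an address with >= maxretry failures in findtime s."""
    seen, banned = defaultdict(list), set()
    for when, _user, ip in events:
        seen[ip] = [t for t in seen[ip] if (when - t).total_seconds() <= findtime]
        seen[ip].append(when)
        if len(seen[ip]) >= maxretry:
            banned.add(ip)
    return banned

def distributed_targets(events, min_sources=10, window=1800):
    """Per-account view: flag a user hit from >= min_sources addresses in window s."""
    by_user, flagged = defaultdict(list), {}
    for when, user, ip in events:
        hits = [(t, a) for t, a in by_user[user] if (when - t).total_seconds() <= window]
        hits.append((when, ip))
        by_user[user] = hits
        sources = {a for _t, a in hits}
        if len(sources) >= min_sources:
            flagged[user] = max(flagged.get(user, 0), len(sources))
    return flagged
```

On the constructed log no single address ever reaches the per-source threshold, while the per-account view sees one account hit from 20 addresses.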
