Wednesday, January 24, 2007

SSH security settings

If you get such messages in your sshd:
sshd[21381]: Invalid user guest from
sshd[21386]: Invalid user admin from

That means someone try to hack your system. It must be a human or just a ‘bot’ (MS virus on computer somewhere in the internet).

There is some remedy is not explained good in the Internet.

First of all block all ssh incoming connections except yours own. Add this into your hosts.allow file:
sshd : : allow
sshd : : allow
sshd : : allow
sshd : ALL : deny

Into sshd_config:
PermitRootLogin no
AllowUsers yourusername

Now we’ll think our system is secure ;-) enough and you will get for sshd only:
sshd[22005]: refused connect from

Take care and be smart!

No comments: