[Cialug] denyhosts logging LOTS of attacks

Matthew Nuzum newz at bearfruit.org
Tue May 13 14:22:08 CDT 2008


On Tue, May 13, 2008 at 1:57 PM, Tim Wilson <tim_linux at wilson-home.com> wrote:
> That's what I thought, until I got hacked 6 years ago.  Granted, I did have
> an older ssh, but at the time, it wasn't that old.  Now, at the firewall
> level I only allow a certain range of IP addresses access to port 22.  Since
> I rarely ssh in from anywhere but home and work, I set it up to allow those
> addresses.  If I do need access from another machine, I can always open it
> up temporarily.  If I do, I turn on logging so everything gets logged.
>

Another trick is to have only one computer that accepts SSH
connections from the world at large and let it be a "proxy" to the
other machines. If you're using the OpenSSH client you can add a line like
this in your .ssh/config file (assuming gateway.host is the host or IP
of your gateway machine):

Host *.domain.com
    User mnuzum
    ForwardAgent yes
    ProxyCommand ssh mnuzum@gateway.host nc -q0 %h %p

If you want to use this config from Windows using Putty I've created
instructions with screen shots and posted them here:
http://bearfruit.org/prolixities/tech/connecting-to-firewalled-hosts-using-putty-ssh

This limits your attack front and makes it easier to secure your
network. You can block all ssh traffic at your firewall/switch except
to that one host.

-- 
Matthew Nuzum
newz2000 on freenode
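The gateway setup described in the post, worked out as an added example (not code from the original message): one function emits the client-side stanza that routes every *.domain.com host through the gateway, in the ProxyCommand/netcat form used above and in the ProxyJump form that later OpenSSH releases accept, and a second function emits (but does not apply) firewall rules that allow port 22 only to the gateway and only from the administrator's own ranges. gateway.host, mnuzum, *.domain.com and all IP ranges are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. All hostnames, the user and
# the address ranges below are placeholders.

GATEWAY="gateway.host"
GW_USER="mnuzum"
HOST_PATTERN="*.domain.com"

# Print an ssh_config stanza for hosts behind the gateway.
# $1 = "nc"   -> ProxyCommand with netcat, as in the post
# $1 = "jump" -> ProxyJump, the equivalent built into newer OpenSSH
# ForwardAgent is left out: it is not needed for the proxy hop and
# would expose the agent to every host matched by the pattern.
gen_ssh_config() {
  printf 'Host %s\n' "$HOST_PATTERN"
  printf '    User %s\n' "$GW_USER"
  case "$1" in
    nc)   printf '    ProxyCommand ssh %s@%s nc -q0 %%h %%p\n' "$GW_USER" "$GATEWAY" ;;
    jump) printf '    ProxyJump %s@%s\n' "$GW_USER" "$GATEWAY" ;;
    *)    echo "usage: gen_ssh_config nc|jump" >&2; return 1 ;;
  esac
}

# Print iptables commands for the perimeter box: SSH is accepted only
# when destined for the gateway and sourced from an allowed range;
# every other port-22 attempt is logged, then dropped.
# $1 = gateway IP, remaining arguments = allowed source CIDRs.
gen_fw_rules() {
  gw="$1"; shift
  for net in "$@"; do
    printf 'iptables -A FORWARD -p tcp -s %s -d %s --dport 22 -j ACCEPT\n' "$net" "$gw"
  done
  printf 'iptables -A FORWARD -p tcp --dport 22 -j LOG --log-prefix "ssh-blocked: "\n'
  printf 'iptables -A FORWARD -p tcp --dport 22 -j DROP\n'
}

# Sample run with constructed (documentation-range) addresses.
gen_ssh_config nc
echo
gen_ssh_config jump
echo
gen_fw_rules 192.0.2.10 198.51.100.0/24 203.0.113.5
```

Review the printed rules before applying them; the LOG rule is what lets a tool like denyhosts or a syslog filter see the attempts that the DROP rule silences.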

