Make sure your SSH server is secure
First and formost, ask yourself if you really need to run ssh on an external IP. If not then in the ssh config you can bind it to your internal LAN easily enough 🙂
You can do this in the sshd_config file using something like …
ListenAddress 192.168.1.1
Another thing you probably want is to not allow root logins.
PermitRootLogin no
If you happen to want external access and have dns or something setup, it sometimes pays to run it on a different port to stop a lot of bots that go around trying default user/password combos. This can be annoying when connecting in, particularly if you have multiple users, but its worth its weight in gold in stopping automated attacks.
Port 2200
There are many more options in the ssh config that you may wish to try out, im not going to go into each and every one of them.
Here are some other ideas which may be fun to test/try
Firewall rules can help limit the amount of times they connect within a set time with something like this.
iptables -A INPUT -i eth0 -p tcp --dport ssh -m state --state NEW \ -m recent --set --name recentssh iptables -A INPUT -i eth0 -p tcp --dport ssh -m state --state NEW \ -m recent --name recentssh --update --seconds 120 --hitcount 4 -j DROP iptables -A INPUT -j ACCEPT -i eth0 -p tcp --destination-port ssh
This allows them 4 counts within 120 seconds.
Ed: Some people have had issues with this due to a bug in debian/kernel/ip_recent and sent in this change
iptable -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW \ -m limit --limit 3/min --limit-burst 3 -j ACCEPT iptable -A INPUT -i eth0 -p tcp --dport 22 -m state \ --state ESTABLISHED -j ACCEPT iptable -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
Last-Modified: 2007-04-05 21:41:24