[LINICKX].com » ssh http://www.linickx.com Moments of Genius followed by Trash. Tue, 07 Feb 2012 15:06:32 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 password-less ssh login to JunOS http://www.linickx.com/3537/password-less-ssh-login-to-junos http://www.linickx.com/3537/password-less-ssh-login-to-junos#comments Tue, 17 Jan 2012 13:35:05 +0000 Nick http://www.linickx.com/?p=3537 Continue reading ]]>

Juniper (JunOS) SRX’s support ssh public key authentication.

nick> show configuration system login | display set
set system login user nick uid 2001
set system login user nick class super-user
set system login user nick authentication ssh-rsa "PASTE_KEY"
nick>

No-one likes to type passwords!

Nick
Copyright © 2012 [LINICKX].com. This Feed is for personal non-commercial use only. Please check my Site Terms and Conditions for full details on copyrights. If you have any concerns with the content of this feed you may contact me here.
WP Copyright Plugin]]> http://www.linickx.com/3537/password-less-ssh-login-to-junos/feed 0 DenyHosts – Protecting against SSH Brute Force Attacks http://www.linickx.com/270/denyhosts-protecting-against-ssh-brute-force-attacks http://www.linickx.com/270/denyhosts-protecting-against-ssh-brute-force-attacks#comments Thu, 12 Apr 2007 18:12:56 +0000 Nick http://www.linickx.com/blog/archives/270/denyhosts-protecting-against-ssh-brute-force-attacks/ Continue reading ]]> If you look after a remote linux box, the chances are you use SSH, in order to connect to it you may even have to leave PORT 22 open to the whole Internet !

There are some basic security steps that you can do to protect SSH, such as block the root user from logging in, and force users to use STRONG authentication.

Even after you’ve done all you can, logwatch will report that people are still wasting your time & resource by trying to break in ! This is where DenyHosts step in, it’s a small script (daemon) that keeps an eye on your SSH log file, if it spots someone trying to Brute Force Attack your SSH accounts, it adds them to hosts.deny (it’s like a firewall for some applications) and stops them from being able to connect.

I’m using redhat, so a pre-built rpm is available, if you already have DAG setup, you can use…

yum install denyhosts

I then had to run through the following steps (as root).

mkdir /usr/share/denyhosts
mkdir /usr/share/denyhosts/data/
echo '127.0.0.1' > /usr/share/denyhosts/data/allowed-hosts
cd /usr/share/denyhosts
cp /usr/share/doc/denyhosts-2.6/denyhosts.cfg-dist ./denyhosts.cfg
cp /usr/share/doc/denyhosts-2.6/daemon-control-dist ./daemon-control
chmod 700 /usr/share/denyhosts/daemon-control
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
ln -s /usr/share/denyhosts/denyhosts.cfg /etc/denyhosts.cfg
/sbin/chkconfig denyhosts on

once you’ve charged through that marathon, in /etc/denyhosts.cfg you may want to take a look (and change) the following settings (Variables)

PURGE_DENY =
ADMIN_EMAIL =
SMTP_FROM = DenyHosts <nobody@localhost>

finally once you’re happy, start the DenyHosts service

/etc/init.d/denyhosts start

Now you’re logwatch report will show how may tries they had, and then Denied !

Refused incoming connections: 1.2.3.4  (some.name.com ): 2 Time(s)

Of course one option commonly suggested is to change the SSH port number from 22 to something else, where as this will reduce the amount of attacks on the service, it does absolutely nothing to protect it; of course you could do both, it’s all a matter of choice :)

Nick
Copyright © 2012 [LINICKX].com. This Feed is for personal non-commercial use only. Please check my Site Terms and Conditions for full details on copyrights. If you have any concerns with the content of this feed you may contact me here.
WP Copyright Plugin]]> http://www.linickx.com/270/denyhosts-protecting-against-ssh-brute-force-attacks/feed 0