mrflash818 (mrflash818) wrote in debian,

sshd protection - advice desired

Following an SGVLUG presentation on ssh tricks, I set up an sshd server instance
on my debian workstation, using public key auth, and was able to be
successful.

I made sure to disable root login, and any password login attempts by
modifying sshd_config.

In the hour I was testing the new wonder, I was also tail-ing my auth log.

To my chagrin, in the two times I tested, I had many attempts to access my
ssh:

Oct 18 01:59:55 pip sshd[26361]: Invalid user oracle from 197.112.2.4
Oct 18 02:00:02 pip sshd[26367]: Invalid user test from 197.112.2.4
Oct 18 02:08:34 pip sshd[26596]: Invalid user test from 197.112.2.4
Oct 18 02:08:42 pip sshd[26599]: Invalid user test from 197.112.2.4
Oct 18 03:12:02 pip sshd[27000]: Invalid user oracle from 111.87.108.120
Oct 18 03:12:09 pip sshd[27003]: Invalid user test from 111.87.108.120
...
Oct 18 10:48:01 pip sshd[27953]: Invalid user peter from 184.105.177.21
Oct 18 10:48:07 pip sshd[27956]: Invalid user peter from 184.105.177.21
Oct 18 10:48:13 pip sshd[27958]: Invalid user sergei from 184.105.177.21
Oct 18 10:48:19 pip sshd[27960]: User root from 184.105.177.21 not allowed because not listed in AllowUsers

So, I am hoping I could get advice or suggestions on what further
protections I could add (if any).
- I don't think static firewall rules would help, as I am hoping to ssh
into my box from anywhere
- I am guessing there is a way to have automation block or slow down
attempts if they begin to seem suspicious.

I am no sysadmin, but it looks like I am gonna have to learn some sysadmin-ish
stuff if I want to prevent my system from getting compromised. That, or admit
I am over my head, and abandon trying to be able to ssh into my box and do
stuff from the outside world.