I won't go on about how important it is to secure your SSH server. One of the tools that helps with that is DenyHosts. From the DenyHosts home page:
DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).
Accidentally sending a wrong password to the server a few times in a row will block your own access. You can avoid that by using public key authentication, or, when that is not possible, you can configure DenyHosts to ignore IP addresses from your network:
How can I prevent a legitimate IP address from being blocked by DenyHosts?
Since it is quite possible for a user to mistype their password repeatedly it may be desirable to have DenyHosts prevent specific IP addresses from being added to /etc/hosts.deny. To address this issue, create a file named allowed-hosts in the WORK_DIR. Simply add an IP address, one per line. Any IP address that appears in this file will not be blocked.
[...]
I prefer the TCP wrappers way: I'll just bypass DenyHosts for local networks.
Configure DenyHosts to write blocked IPs to /etc/denyhosts/blocked instead of /etc/hosts.deny. Leaving BLOCK_SERVICE empty makes DenyHosts write bare addresses (no "sshd:" prefix), so the file can be used directly as a client list in hosts.allow:

    # /etc/denyhosts/denyhosts.cfg
    HOSTS_DENY = /etc/denyhosts/blocked
    BLOCK_SERVICE =
Allow the ssh connection if the client is listed in /etc/denyhosts/ignored; the second rule then allows ssh access unless the client is listed in /etc/denyhosts/blocked:

    #
    # hosts.allow   This file describes the names of the hosts which are
    #               allowed to use the local INET services, as decided
    #               by the '/usr/sbin/tcpd' server.
    #
    # ssh access
    sshd: /etc/denyhosts/ignored : allow
    sshd: ALL EXCEPT /etc/denyhosts/blocked

Keep the hosts_access(5) evaluation order in mind: a client that is in the blocked file does not match the second line at all, so tcpd falls through to /etc/hosts.deny, and if nothing matches there either, access is granted. Since DenyHosts no longer writes /etc/hosts.deny, make sure it still contains a catch-all such as "sshd: ALL", or deny explicitly in hosts.allow with "sshd: /etc/denyhosts/blocked : deny" placed before a final "sshd: ALL : allow".
Add IPs/networks to ignore:

    # /etc/denyhosts/ignored
    # hosts allowed to connect bypassing DenyHosts
    192.168.10.0/255.255.255.0
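To see exactly what the rules above do for a given client, here is a small evaluator of the hosts_access(5) decision order (hosts.allow first, then hosts.deny, first match wins, no match means access granted) with the pattern forms the post uses: a file of patterns, net/mask, ALL and EXCEPT. This is an added example, not code from the post, DenyHosts or TCP wrappers; the contents of /etc/denyhosts/ignored and /etc/denyhosts/blocked are constructed stand-ins held in a dict, nothing is read from disk, and only IPv4 patterns are handled. It also shows the fall-through case: the post's hosts.allow on its own, a catch-all "sshd: ALL" in hosts.deny, and an explicit deny line in hosts.allow.

```python
"""Simulate tcpd's hosts_access(5) evaluation for the DenyHosts rules.

Added example (not from the post or from TCP wrappers). Only IPv4 client
patterns are supported; the pattern files are constructed stand-ins.
"""
import ipaddress

# Constructed stand-ins for the two pattern files (one pattern per line).
FILES = {
    "/etc/denyhosts/ignored": ["192.168.10.0/255.255.255.0"],
    # With BLOCK_SERVICE empty, DenyHosts writes bare addresses here.
    # 192.168.10.99 is in the ignored network AND blocked: ignored must win.
    "/etc/denyhosts/blocked": ["203.0.113.7", "198.51.100.23", "192.168.10.99"],
}

# /etc/hosts.allow exactly as the post writes it.
HOSTS_ALLOW_POST = [
    "sshd: /etc/denyhosts/ignored : allow",
    "sshd: ALL EXCEPT /etc/denyhosts/blocked",
]

# Variant that denies explicitly instead of relying on /etc/hosts.deny.
HOSTS_ALLOW_EXPLICIT = [
    "sshd: /etc/denyhosts/ignored : allow",
    "sshd: /etc/denyhosts/blocked : deny",
    "sshd: ALL : allow",
]


def pattern_matches(pattern, ip):
    """Match one hosts_access client pattern against an IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("/"):  # a file name: one pattern per line
        return any(pattern_matches(p, ip) for p in FILES.get(pattern, []))
    if "/" in pattern:  # net/mask form, e.g. 192.168.10.0/255.255.255.0
        net, mask = pattern.split("/", 1)
        return ip in ipaddress.ip_network(f"{net}/{mask}", strict=False)
    if pattern.endswith("."):  # address prefix form, e.g. 192.168.
        return str(ip).startswith(pattern)
    return str(ip) == pattern


def client_list_matches(client_list, ip):
    """'a b EXCEPT c d' matches if (a or b) and not (c or d); EXCEPT nests."""
    head, sep, tail = client_list.partition(" EXCEPT ")
    hit = any(pattern_matches(p, ip) for p in head.split())
    if hit and sep:
        hit = not client_list_matches(tail, ip)
    return hit


def hosts_access(daemon, client_ip, hosts_allow, hosts_deny=()):
    """Return 'allow' or 'deny' the way tcpd decides for (daemon, client)."""
    ip = ipaddress.ip_address(client_ip)
    # hosts.allow entries grant by default, hosts.deny entries deny by default.
    for table, default in ((hosts_allow, "allow"), (hosts_deny, "deny")):
        for raw in table:
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            fields = [f.strip() for f in line.split(":")]
            daemons, clients = fields[0], fields[1]
            verdict = default
            # A trailing 'allow'/'deny' option overrides the table's default.
            if len(fields) > 2 and fields[2].lower() in ("allow", "deny"):
                verdict = fields[2].lower()
            if (daemons == "ALL" or daemon in daemons.split()) and \
                    client_list_matches(clients, ip):
                return verdict  # first match wins
    return "allow"  # no entry matched in either table: access is granted


if __name__ == "__main__":
    for ip in ("192.168.10.99", "203.0.113.7", "198.51.100.1"):
        print(f"{ip:>15}  post's hosts.allow alone: "
              f"{hosts_access('sshd', ip, HOSTS_ALLOW_POST)}  "
              f"with 'sshd: ALL' in hosts.deny: "
              f"{hosts_access('sshd', ip, HOSTS_ALLOW_POST, ['sshd: ALL'])}  "
              f"explicit deny line: "
              f"{hosts_access('sshd', ip, HOSTS_ALLOW_EXPLICIT)}")
```

Running it shows 192.168.10.99 allowed in every variant (the ignored line comes first), 198.51.100.1 allowed in every variant, and 203.0.113.7 allowed by the post's hosts.allow alone but denied as soon as hosts.deny has a catch-all or the explicit deny line is used.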
More on the file format:

    man hosts.allow

Note that all of this only takes effect if your sshd is linked against libwrap (check with "ldd $(which sshd) | grep libwrap"); OpenSSH dropped TCP wrappers support in 6.7, so on newer builds the hosts.allow rules are never consulted.