ssh security
because attackers know there is a "root" account on your server, they may try to guess your root password. so create a user account (one that can "su -" on centos or has "sudo -i" rights on ubuntu) and disable root ssh
disable root ssh
edit /etc/ssh/sshd_config and add / uncomment the following line
PermitRootLogin no
then ssh in as a non root user
centos
restart sshd
$ su -
# /sbin/service sshd restart
ubuntu
restart ssh (not sshd)
$ su -
# /etc/init.d/ssh restart
log out and check you cannot log in directly as root
$ ssh root@yourhost
check for attacks
create whos-attacked-me-recently.sh
# egrep "error|invalid" /var/log/secure | tail -30 > secure$(date +%y%m%d).log
sample attacks output
Apr 28 12:08:50 net sshd[20494]: input_userauth_request: invalid user tester
Apr 28 12:08:50 net sshd[20493]: pam_succeed_if(sshd:auth): error retrieving information about user tester
Apr 28 12:08:52 net sshd[20493]: Failed password for invalid user tester from 10.10.10.10 port 39509 ssh2
Apr 28 12:08:53 net sshd[20496]: input_userauth_request: invalid user ftpuser
Apr 28 12:08:53 net sshd[20495]: pam_succeed_if(sshd:auth): error retrieving information about user ftpuser
Apr 28 12:08:56 net sshd[20495]: Failed password for invalid user ftpuser from 10.10.10.10 port 39836 ssh2
Apr 28 12:08:57 net sshd[20499]: input_userauth_request: invalid user testuser
Apr 28 12:08:57 net sshd[20498]: pam_succeed_if(sshd:auth): error retrieving information about user testuser
Apr 28 12:08:59 net sshd[20498]: Failed password for invalid user testuser from 10.10.10.10 port 40184 ssh2
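summarise the attacks per source address (an added example, not part of the original page): the "Failed password" lines in the format shown above are counted per source address, together with the number of distinct usernames tried. the function names summarise_failed_ssh and sample_log are hypothetical, and the log lines are constructed with documentation addresses. the address is read from the end of each line, because the username is supplied by the client and may itself contain "from <address>".

```shell
#!/bin/sh
# Added example. Usage: summarise_failed_ssh [THRESHOLD] < /var/log/secure
# Prints "<failures> <source-ip> <distinct-usernames>" for every source with
# at least THRESHOLD failed password attempts, highest count first.
summarise_failed_ssh() {
    awk -v min="${1:-1}" '
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
        $8 == "for" && $(NF-4) == "from" && $(NF-2) == "port" {
            # A line always ends "from IP port N ssh2", so index from the end.
            ip = $(NF-3)
            # The username is everything between "for [invalid user]" and
            # the final "from"; it can contain spaces.
            start = ($9 == "invalid" && $10 == "user") ? 11 : 9
            user = ""
            for (i = start; i <= NF - 5; i++)
                user = user (i > start ? " " : "") $i
            fails[ip]++
            if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min) print fails[ip], ip, users[ip]
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (not real log data). The fourth line carries a
# username containing "from 203.0.113.9" to show it is not read as a source.
sample_log() {
    cat <<'EOF'
Apr 28 12:08:50 net sshd[20494]: input_userauth_request: invalid user tester
Apr 28 12:08:52 net sshd[20493]: Failed password for invalid user tester from 192.0.2.7 port 39509 ssh2
Apr 28 12:08:56 net sshd[20495]: Failed password for invalid user ftpuser from 192.0.2.7 port 39836 ssh2
Apr 28 12:08:59 net sshd[20498]: Failed password for invalid user x from 203.0.113.9 from 192.0.2.7 port 40184 ssh2
Apr 28 12:10:01 net sshd[20510]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Apr 28 12:10:05 net sshd[20512]: Accepted password for alice from 198.51.100.4 port 51002 ssh2
EOF
}

# Show sources with two or more failures in the sample.
sample_log | summarise_failed_ssh 2
```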