Preventing brute force attacks against ssh?
I use fail2ban which will lock an IP out after several failed attempts for a configurable amount of time.
Combine this with password strength testing (using john (John the Ripper)) to ensure brute-force attacks will not succeed.
Here's a good post on that subject by Rainer Wichmann.
It explains the pros and cons of these methods for doing it:
- Strong passwords
- RSA authentication
- Using 'iptables' to block the attack
- Using the sshd log to block attacks
- Using tcp_wrappers to block attacks
- Port knocking
One small thing you can do is use something like DenyHosts:
It uses the built-in hosts.allow/hosts.deny to block out SSH abusers.
- Change the port used (as Trent mentioned)
- Require encryption keys instead of passwords. http://novosial.org/openssh/publickey-auth/
- Blacklist attacker IPs
- Whitelist known users to prevent accidental blacklisting. (as Samiuela mentioned)
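The log-based blocking described in the answers above (lock an IP out after several failed attempts, with a whitelist to prevent accidental blacklisting), as an added example that is not part of the original posts and is not code from fail2ban or DenyHosts. The log lines are constructed, and the `max_retry`, `find_time`, `whitelist` and `year` parameters are assumptions made for this sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:14:03 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Jan 10 03:14:05 host sshd[2102]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jan 10 03:15:00 host sshd[2110]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jan 10 03:15:02 host sshd[2110]: Failed password for alice from 198.51.100.20 port 51001 ssh2
Jan 10 03:15:04 host sshd[2110]: Failed password for alice from 198.51.100.20 port 51002 ssh2
Jan 10 03:20:00 host sshd[2120]: Failed password for bob from 192.0.2.55 port 42000 ssh2
Jan 10 04:40:00 host sshd[2130]: Failed password for bob from 192.0.2.55 port 42001 ssh2
Jan 10 04:41:00 host sshd[2131]: Accepted publickey for bob from 192.0.2.55 port 42002 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def ips_to_block(log_text, max_retry=3, find_time=timedelta(minutes=10),
                 whitelist=frozenset(), year=2024):
    """Return IPs with >= max_retry failures inside any find_time window."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    blocked = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        stamp, ip = m.groups()
        if ip in whitelist or ip in blocked:
            continue              # whitelisted hosts are never blocked
        # syslog timestamps carry no year, so one is assumed for parsing
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(when)
        while when - window[0] > find_time:
            window.popleft()      # drop failures that fell out of the window
        if len(window) >= max_retry:
            blocked.append(ip)
    return blocked

if __name__ == "__main__":
    print(ips_to_block(SAMPLE_LOG, whitelist={"198.51.100.20"}))
```

With the whitelist in place, the mistyped-password burst from 198.51.100.20 is ignored, and the two failures from 192.0.2.55 are too far apart to count as one burst.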
One of the easiest ways to avoid these attacks is to change the port that sshd listens on.