SSH Defense brute Force hack

To view the log file:
$ sudo cat/var/log/auth.log
A large number of logs appear:
Failed password for root from 123.15.36.218 Port 51252 ssh2
Reverse mapping checking getaddrinfo for pc0.zz.ha.cn [218.28.79.228] failed–possible break-in attempt!
Invalid User Akkermans from 218.28.79.228
Pam_unix (Sshd:auth): Check pass; User Unknown
Pam_unix (Sshd:auth): Authentication failure; Logname= uid=0 euid=0 tty=ssh ruser= rhost=218.28.79.228

Solution Ideas:
1, modify the SSH port, prohibit root login
Modify the/etc/ssh/sshd_config file

$ sudo vi/etc/ssh/sshd_config
Port 4484 #一个别人猜不到的端口号
Permitrootlogin No

$ sudo/etc/init.d/ssh Restart//restart SSH command

2, disable password login, use RSA private key Login
Amazon EC2 Server is only allowed to log on with the private key, but in this case I would like to temporarily SSH on another computer, and without a private key file, it is very troublesome. So I manually opened the password Authentication login. Anyway, this one should be listed first.

# Generate key on client
$ ssh-keygen-t RSA
# Copy the public key to the server
$ ssh-copy-id-i. Ssh/id_rsa.pub Server
# You can also manually copy the. shh/id_rsa.pub to the. SSH in the server user directory, and remember to modify access permissions
# $ SCP. Shh/id_rsa.pub SERVER:~/.SSH
# in the server
$ CD./.ssh/
$ mv Id_rsa.pub Authorized_keys
$ chmod Authorized_keys
$ vi/etc/ssh/sshd_config
Rsaauthentication Yes #RSA认证
Pubkeyauthentication Yes #开启公钥验证
Authorizedkeysfile. Ssh/authorized_keys #验证文件路径
Passwordauthentication No #禁止密码认证
Permitemptypasswords No #禁止空密码
Usepam No #禁用PAM

# Last Save, restart
$ sudo/etc/init.d/ssh Restart

3, Installation DenyHosts
This method is relatively time-saving. DenyHosts is a Python language written in a program, it will analyze the sshd log files, when the discovery of duplicate failed login will be recorded IP to/etc/hosts.deny file, so as to achieve the function of automatic screen IP. This and my previous introduction of the automatic screening scan script is a way of thinking. If manually added by manual, it is not exhausting. Today DenyHosts is available in all distribution repositories, and does not require too much configuration for dummies to use.

Installation: www.2cto.com

# Debian/ubuntu:
$ sudo apt-get install denyhosts

# Redhat/centos
$ yum Install denyhosts

# ArchLinux
$ Yaourt denyhosts

# Gentoo
$ Emerge-av denyhosts
The default configuration will work well, such as to personalize the settings to modify/etc/denyhosts.conf

$ vi/etc/denyhosts.conf
Secure_log =/var/log/auth.log #ssh log file, which is judged by this file.
Hosts_deny =/etc/hosts.deny #控制用户登陆的文件
Purge_deny = #过多久后清除已经禁止的, empty means never unblock
Block_service = sshd #禁止的服务名, if you want to add additional services, just add a comma to keep up with the corresponding service
Deny_threshold_invalid = 5 #允许无效用户失败的次数
Deny_threshold_valid = Ten #允许普通用户登陆失败的次数
Deny_threshold_root = 1 #允许root登陆失败的次数
deny_threshold_restricted = 1
Work_dir =/var/lib/denyhosts #运行目录
Suspicious_login_report_allowed_hosts=yes
Hostname_lookup=yes #是否进行域名反解析
Lock_file =/var/run/denyhosts.pid #程序的进程ID
Admin_email = [email protected] #管理员邮件地址, it will send an email to the administrator
Smtp_host = localhost
Smtp_port = 25
Smtp_from = denyhosts <[email protected]>
Smtp_subject = denyhosts Report
AGE_RESET_VALID=5D #用户的登录失败计数会在多久以后重置为0, (H for hours, d for Day, M for month, W for week, Y for year)
age_reset_root=25d
age_reset_restricted=25d
age_reset_invalid=10d
Reset_on_success = yes #如果一个ip登陆成功后, the failed login count is reset to 0
Daemon_log =/var/log/denyhosts #自己的日志文件
Daemon_sleep = 30s #当以后台方式运行时, the time interval for each log file read.
Daemon_purge = 1h #当以后台方式运行时, the purge mechanism terminates the time interval of the old entry in Hosts_deny, which affects the Purge_deny interval.
See my/etc/hosts.deny file found there are 8 records.

$ sudo cat/etc/hosts.deny | Wc-l8

Scenario four: By restricting SSH login restrictions: Set the three consecutive login failed to log in again after 10 minutes.
Files:/etc/ssh/sshd_config

Logingracetime 10m//10 minutes to re-login
Permitrootlogin Yes
Strictmodes Yes
Maxauthtries 3//Maximum number of landings 3 times
Limit the number of landings by time to prevent frequent brute force cracking

VI Write
Ann Shift:x Save exit

SSH Defense brute Force hack