Solutions for defending SSH against brute-force cracking

Source: Internet
Author: User

Solutions for defending SSH against brute-force cracking:

1. Prohibit root login over SSH
1.1. Modify PermitRootLogin:
[[email protected] ~]# vi /etc/ssh/sshd_config
[[email protected] ~]# grep Root /etc/ssh/sshd_config
PermitRootLogin no
   ### Changes the default "#PermitRootLogin yes" to the setting "PermitRootLogin without-password".

1.2. Restart the sshd service
[[email protected] ~]# /etc/init.d/sshd restart
Stopping sshd:                                   [  OK  ]
Starting sshd:                                   [  OK  ]

2. Change the default SSH port 22
2.1. Change the default port 22 to the custom port 2020
[[email protected] ~]# vi /etc/ssh/sshd_config
[[email protected] ~]# grep Port /etc/ssh/sshd_config
Port 2020
#GatewayPorts no

2.2. Add a rule for port 2020 to the firewall
[[email protected] ~]# vi /etc/sysconfig/iptables
[[email protected] ~]# grep 2020 /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2020 -j ACCEPT

2.3. Restart the firewall to apply the rules
[[email protected] ~]# /etc/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: nat filter      [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

2.4. Restart the sshd service
[[email protected] ~]# /etc/init.d/sshd restart
Stopping sshd:                                   [  OK  ]
Starting sshd:                                   [  OK  ]
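
A check for steps 1 and 2, as an added example that is not part of the original article: it reports the value sshd will actually use for PermitRootLogin and Port, and confirms the firewall rules file accepts that port before sshd is restarted. The function names (effective, port_allowed, audit, make_samples) and the sample file contents are hypothetical.

```shell
# Added example (not from the article): audit the settings from steps 1 and 2.
# sshd uses the first value it reads for a keyword and matches keywords
# case-insensitively, so grep can show a line that is not in effect.

# effective KEYWORD FILE -> first uncommented global value, or "unset"
effective() {
    awk -v k="$1" '
        tolower($1) == "match" { exit }   # global section ends at Match
        tolower($1) == tolower(k) { print $2; found = 1; exit }
        END { if (!found) print "unset" }' "$2"
}

# port_allowed PORT RULES -> success if a TCP ACCEPT rule for PORT exists
port_allowed() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $1 .*-j ACCEPT" "$2"
}

# audit SSHD_CONFIG IPTABLES_RULES -> prints one finding per line
audit() {
    root=$(effective PermitRootLogin "$1")
    port=$(effective Port "$1")
    if [ "$port" = "unset" ]; then port=22; fi   # sshd default port
    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin $root"
    else echo "FAIL PermitRootLogin $root"; fi
    if port_allowed "$port" "$2"; then echo "OK   port $port allowed"
    else echo "FAIL port $port not allowed by firewall"; fi
}

# Constructed sample files (hypothetical content), written into directory $1.
make_samples() {
    cat > "$1/sshd_config" <<'EOF'
#Port 22
Port 2020
PermitRootLogin yes
# appended later; ignored because the line above is read first
permitrootlogin no
EOF
    cat > "$1/iptables" <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2020 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit "$tmp/sshd_config" "$tmp/iptables"
rm -rf "$tmp"
```

On a live system, call audit with /etc/ssh/sshd_config and /etc/sysconfig/iptables as its two arguments.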


The third method, DenyHosts, is the highlight:
3. Use the DenyHosts daemon to restrict SSH probing
3.1. Open a terminal and log in as root
login as: root
[email protected]'s password:
Last login: Tue Jul 18:54:57 from 192.168.10.101
[[email protected] ~]# cat /etc/issue
CentOS release 6.5 (Final)
Kernel \r on an \m
3.2. Add a system user
[[email protected] ~]# useradd leekwen
[[email protected] ~]# passwd leekwen
Changing password for user leekwen.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.

3.3. Open another terminal and log in as the non-root user
login as: leekwen
[email protected]'s password:
Last login: Tue Apr 21:27:26 from 192.168.10.100
3.4. Switch to the root account
[[email protected] ~]$ su - root
Password:

3.5. Download the DenyHosts file
[[email protected] ~]# wget -c http://nchc.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/denyhosts-2.6.tar.gz
[[email protected] ~]# ls denyhosts-2.6.tar.gz
denyhosts-2.6.tar.gz
3.6. Unpack and install
[[email protected] ~]# tar zxf denyhosts-2.6.tar.gz
[[email protected] ~]# cd DenyHosts-2.6
[[email protected] DenyHosts-2.6]# python setup.py install
[[email protected] DenyHosts-2.6]# cd /usr/share/denyhosts/
[[email protected] denyhosts]# ls
CHANGELOG.txt        denyhosts.cfg-dist  plugins     scripts
daemon-control-dist  LICENSE.txt         README.txt  setup.py

3.7. Modify the files DenyHosts needs to start (the daemon control file and the configuration file)
3.7.1. Generate the denyhosts.cfg configuration file:
[[email protected] denyhosts]# cat denyhosts.cfg-dist | grep -v "#" | grep -v "^$" > denyhosts.cfg
3.7.2. Adjust the policy in the denyhosts.cfg file:
[[email protected] denyhosts]# cat denyhosts.cfg
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY = 20m
BLOCK_SERVICE = sshd
DENY_THRESHOLD_INVALID = 1
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 5
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /usr/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=NO
LOCK_FILE = /var/lock/subsys/denyhosts
ADMIN_EMAIL = [email protected]
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <[email protected]>
SMTP_SUBJECT = DenyHosts Report
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h

[[email protected] denyhosts]# mkdir -p /etc/denyhosts/
[[email protected] denyhosts]# cp denyhosts.cfg /etc/denyhosts/
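
To see what the three DENY_THRESHOLD values above mean in practice, here is an added example (not DenyHosts code and not from the original article) that applies them to sshd lines in the /var/log/secure format and lists the hosts that would be denied. It is a simplified model: it assumes a host is denied once a counter exceeds its threshold and recognizes only "Failed password" lines; the function names and log lines are constructed.

```shell
# Added example (not DenyHosts code): a simplified model of the three
# thresholds from denyhosts.cfg applied to sshd lines in /var/log/secure.
# Assumption: a host is denied once a counter exceeds its threshold.

# would_deny INVALID VALID ROOT < log -> "ip class count" per denied host
would_deny() {
    awk -v ti="$1" -v tv="$2" -v tr="$3" '
        / sshd\[[0-9]+\]: Failed password for / {
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip == "") next
            if ($0 ~ /Failed password for invalid user /) inv[ip]++
            else if ($0 ~ /Failed password for root from /) root[ip]++
            else valid[ip]++
            seen[ip] = 1
        }
        END {
            for (ip in seen) {
                if (inv[ip] + 0 > ti)        print ip, "invalid", inv[ip]
                else if (root[ip] + 0 > tr)  print ip, "root", root[ip]
                else if (valid[ip] + 0 > tv) print ip, "valid", valid[ip]
            }
        }' | LC_ALL=C sort
}

# Constructed log lines (documentation addresses, hypothetical host name).
sample_log() {
    f='Jan 10 10:00:00 host sshd[2101]: Failed password for'
    for u in admin test; do echo "$f invalid user $u from 203.0.113.7 port 40112 ssh2"; done
    for n in 1 2 3 4 5 6; do echo "$f root from 198.51.100.23 port 5220$n ssh2"; done
    for n in 1 2 3; do echo "$f leekwen from 192.0.2.50 port 6110$n ssh2"; done
    echo "$f invalid user oracle from 198.51.100.99 port 33001 ssh2"
    echo 'Jan 10 10:00:09 host sshd[2190]: Accepted password for leekwen from 192.0.2.50 port 61104 ssh2'
}

# Thresholds as set in step 3.7.2: INVALID=1, VALID=10, ROOT=5.
sample_log | would_deny 1 10 5
```

Under this model a legitimate user who mistypes a user name twice from an address that is not whitelisted is locked out, which is why the whitelist in step 3.10 matters.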
3.7.3. Modify the DenyHosts daemon control file: after changing its ownership and permissions, point it at the configuration file in the /etc/denyhosts directory

[[email protected] denyhosts]# cp daemon-control-dist daemon-control
[[email protected] denyhosts]# chown root daemon-control
[[email protected] denyhosts]# chmod daemon-control
[[email protected] denyhosts]# vi daemon-control
[[email protected] ~]# grep DENYHOSTS_CFG daemon-control
DENYHOSTS_CFG   = "/etc/denyhosts/denyhosts.cfg"
                args.append("--config=%s" % DENYHOSTS_CFG)
3.8. Start DenyHosts as a system service:
[[email protected] denyhosts]# cp daemon-control /etc/init.d/denyhosts
[[email protected] denyhosts]# chkconfig --add denyhosts
[[email protected] denyhosts]# chkconfig denyhosts on
[[email protected] denyhosts]# /etc/init.d/denyhosts start
starting DenyHosts:    /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg

3.9. View the host IP addresses in the blacklist:
[[email protected] denyhosts]# cd
[[email protected] ~]# tail -n 2 /etc/hosts.deny
# DenyHosts: Thu 20 14:45:00 2015 | sshd: 118.187.17.119
sshd: 118.187.17.119

3.10. Add a whitelist address for a host:
If you need to add a specific IP to the whitelist, modify /etc/hosts.allow.

Example: I added the address 202.101.172.46 to my hosts.allow file, putting it on the whitelist of my system:

[[email protected] ~]# echo "sshd:202.101.172.46" >> /etc/hosts.allow





Copyright notice: This is the blogger's original article and may not be reproduced without the blogger's permission.
