Home > Others

The solution to SSH anti-violence hack

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

The solution to SSH anti-violence hack:

1, prohibit the root user ssh login, 1.1, modify Permitrootlogin: 
[[email protected] ~]# vi/etc/ssh/sshd_config[[email protected] ~]# grep root/etc/ssh/sshd_configpermitrootlogin no
   ### changes the default  #PermitRootLogin Yes to the setting of "Permitrootlogin Without-password".

1.2. Restart the SSHD service 
Stopping sshd:                                   [  OK  ]starting sshd:                                   [  OK  ]

2, modify the SSH default port 22;2.1, change the default port 22 to the custom 2020 port 
[[email protected] ~]# vi/etc/ssh/sshd_config[[email protected] ~]# grep port/etc/ssh/sshd_configport 2020    # Gatewayports No

2.2, the policy of adding 2020 ports in the firewall 
[[email protected] ~]# vi/etc/sysconfig/iptables[[email protected] ~]# grep 2020/etc/sysconfig/iptables-a input-p TCP- M state--state new-m TCP--dport 2020-j ACCEPT

2.3. Restart the firewall policy 
[Email protected] ~]#/etc/init.d/iptables Restart iptables:setting chains to policy accept:nat filter      [  ok
   
    ]iptables:flushing firewall rules:                         [  OK  ]iptables:unloading modules:                               [  OK  ]iptables: Applying firewall rules:                         [  OK  ]

2.4. Restart the SSHD service 
[Email protected] ~]#/etc/init.d/sshd restartstopping sshd:                                   [  OK  ]starting sshd:                                   [  OK  ]


highlights the third method: DenyHosts
3. Use the denyhosts process to restrict SSH sniffing; 3.1. Open a terminal, root login 
Login As:root[email protected] ' s password:last login:tue Jul 18:54:57 from 192.168.10.101[[email protected] ~]# Cat/etc/issuecentos Release 6.5 (Final) Kernel \ r on an \m
3.2. Increase system users 
[Email protected] ~]# useradd leekwen  [[email protected] ~]# passwd leekwenchanging password for user Leekwen. New Password:bad Password:it is based on a dictionary wordretype new Password:passwd:all authentication tokens updated S Uccessfully.

3.3, open another terminal, non-root login 
Login As:leekwen[email protected] ' s password:last login:tue Apr 21:27:26 from 192.168.10.100
3.4. Switch to root account 
[Email protected] ~]$ su-root Password:

3.5. Download DenyHosts File 
[Email protected] ~]# wget-c http://nchc.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/denyhosts-2.6.tar.gz[ [email protected] ~]# ls denyhosts-2.6.tar.gzdenyhosts-2.6.tar.gz
3.6. Unzip and install 
[[Email protected] ~]# tar zxf denyhosts-2.6.tar.gz[[email protected] ~]# CD Denyhosts-2.6[[email protected] DenyHosts-2. 6]# python setup.py install[[email protected] denyhosts-2.6]# Cd/usr/share/denyhosts/[[email protected] denyhosts]# LsCHANGELOG.txt        denyhosts.cfg-dist  plugins     scriptsdaemon-control-dist  LICENSE.txt         README.txt  setup.py

3.7, modify the DenyHosts boot required files (process files and configuration files) 3.7.1, generate denyhosts.cfg configuration file: 
[email protected] denyhosts]# cat denyhosts.cfg-dist |grep-v "#" |grep-v "^$" > Denyhosts.cfg
3.7.2, modify the corresponding policy denyhosts.cfg file: 
[email protected] denyhosts]# Cat Denyhosts.cfgsecure_log =/var/log/securehosts_deny =/etc/hosts.denypurge_deny = 20mblock_service  = Sshddeny_threshold_invalid = 1deny_threshold_valid = 10deny_threshold_root = 5DENY_THRESHOLD_ RESTRICTED = 1work_dir =/usr/share/denyhosts/datasuspicious_login_report_allowed_hosts=yeshostname_lookup=nolock_ FILE =/var/lock/subsys/denyhostsadmin_email = [EMAIL protected]smtp_host = Localhostsmtp_port = 25smtp_from = DenyHosts & Lt [Email protected]>smtp_subject = denyhosts reportage_reset_valid=5dage_reset_root=25dage_reset_restricted= 25dage_reset_invalid=10ddaemon_log =/var/log/denyhostsdaemon_sleep = 30sdaemon_purge = 1h

[[email protected] denyhosts]# mkdir-p/etc/denyhosts/[[email protected] denyhosts]# CP denyhosts.cfg/etc/denyhosts/
3.7.3, modify the denyhosts process file: after modifying the permissions and specifying the configuration file to be specified in the/etc/denyhosts directory 

[[email protected] denyhosts]# CP daemon-control-dist daemon-control[[email protected] denyhosts]# chown root Daemon-control[[email protected] denyhosts]# chmod daemon-control[[email protected] denyhosts]# VI daemon-control[[ Email protected] ~]# grep denyhosts_cfg daemon-controldenyhosts_cfg   = "/etc/denyhosts/denyhosts.cfg"                Args.append ("--config=%s"% denyhosts_cfg)
3.8. Start the denyhosts as a system service: 
[[email protected] denyhosts]# CP daemon-control/etc/init.d/denyhosts[[email protected] denyhosts]# chkconfig--add Denyhosts[[email protected] denyhosts]# chkconfig denyhosts on[[email protected] denyhosts]#/etc/init.d/denyhosts Startstarting denyhosts:    /usr/bin/env python/usr/bin/denyhosts.py--daemon--config=/usr/share/denyhosts/ Denyhosts.cfg

3.9. View the host IP address in the blacklist: 
[[email protected] denyhosts]# cd[[email protected] ~]# tail-n 2/etc/hosts.deny# denyhosts:thu 20 14:45:00 2015 | sshd:118.187.17.119sshd:118.187.17.119

3.10. Add white list address for host:
If you need to add a specific IP to the whitelist, then please modify the/etc/hosts.allow.
Example: I added 202.101 to my hosts.allow file. 172.46 address to the whitelist of my system: 

[Email protected] ~]# echo "sshd:202.101.172.46" >>/etc/hosts.allow




1th:

Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.

The solution to SSH anti-violence hack

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
wordpress anti hack plugin how to hack voicemail how to hack php how to hack vps how to hack chromebook how to hack comcast how to hack wifi

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More