Insecure By Default
By Emmett on Wednesday, August 22 2007, 19:47 - Permalink
I never really paid much attention to the administration of SSH on my boxes. I figured debian probably set it up to be essentially secure by default.
While the algorithm is perfectly secure, there's a big problem. I was poking around my system logs after reading an article about someone else's box being compromised, and discovered multiple ip addresses trying to root passwords. Now, we have root login disabled on our boxes. But the fact that someone could just sit there guessing disturbed me greatly. What if someone actually wanted to break into our boxes? It's not like our usernames are highly obfuscated.
Turns out there's an easy solution:
$ sudo apt-get install denyhosts
Denyhosts blocks (temporarily) anyone who makes a sufficient number of failed login attempts. Why this behavior is not default, I am very unclear. Just whitelist your own ip to make sure you don't lock yourself out:
$ nano WORK_DIR/allowed-hosts
(look up the WORK_DIR in denyhosts.conf)
When I installed denyhosts it instantly locked out 4 people who were *currently* trying to crack our network. If you haven't considered installing it yourself, perhaps you should.