我正在运行 centos。如何才能最好地避免对我的 ssh 服务器的暴力攻击?
我找到了这个列表:
DenyHosts is a Python based security tool for SSH servers. It is intended to prevent brute force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses.
Explains how to setup DenyHosts under RHEL / Fedora and CentOS Linux.
Fail2ban is a similar program that prevents brute force attacks against SSH.
security/sshguard-pf protect hosts from brute force attacks against ssh and other services using pf.
security/sshguard-ipfw protect hosts from brute force attacks against ssh and other services using ipfw.
security/sshguard-ipfilter protect hosts from brute force attacks against ssh and other services using ipfilter.
security/sshblock block abusive SSH login attempts.
security/sshit checks for SSH/FTP bruteforce and blocks given IPs.
BlockHosts Automatic blocking of abusive IP hosts.
Blacklist Get rid of those bruteforce attempts.
Brute Force Detection A modular shell script for parsing application logs and checking for authentication failures. It does this using a rules system where application specific options are stored including regular expressions for each unique auth format.
IPQ BDB filter May be considered as a fail2ban lite.
有谁有过这些经验吗?
答案1
答案2
CentOS 有 iptables。
http://wiki.centos.org/HowTos/Network/IPTables
1.) 您可以将 CentOS 配置为丢弃来自除受信任的(您的) IP 地址之外的任何人的数据包。
2.) 您可以配置 ssh 来监听非标准端口。大多数攻击来自其他受感染系统上的自动脚本。在 /etc/ssh/sshd_config 中编辑此文件
3.) 您可以将密码验证设置为“否”,并在服务器上安装您机器的 ssh 密钥。
答案3
看一下pam_shield. 它会完全阻止登录尝试失败次数过多的 IP 地址。