如何防止 ssh 遭受暴力攻击?

如何防止 ssh 遭受暴力攻击?

我正在运行 centos。如何才能最好地避免对我的 ssh 服务器的暴力攻击?

我找到了这个列表:

DenyHosts is a Python based security tool for SSH servers. It is intended to prevent brute force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses.
Explains how to setup DenyHosts under RHEL / Fedora and CentOS Linux.
Fail2ban is a similar program that prevents brute force attacks against SSH.
security/sshguard-pf protect hosts from brute force attacks against ssh and other services using pf.
security/sshguard-ipfw protect hosts from brute force attacks against ssh and other services using ipfw.
security/sshguard-ipfilter protect hosts from brute force attacks against ssh and other services using ipfilter.
security/sshblock block abusive SSH login attempts.
security/sshit checks for SSH/FTP bruteforce and blocks given IPs.
BlockHosts Automatic blocking of abusive IP hosts.
Blacklist Get rid of those bruteforce attempts.
Brute Force Detection A modular shell script for parsing application logs and checking for authentication failures. It does this using a rules system where application specific options are stored including regular expressions for each unique auth format.
IPQ BDB filter May be considered as a fail2ban lite.

有谁有过这些经验吗?

答案1

Fail2Ban非常适合自动禁止使用 iptables 多次尝试访问某些服务失败的主机。即使您最终以某种方式禁止了自己,您仍然可以获得新的 IP(带有 ssh 客户端的手机就可以了)并取消对自己的禁止。

指导通过 Google 等搜索引擎找到的应该可以帮助您快速进行设置。

正如 HayekSplosives 在他的回答中指出的那样,切换到非标准的高端口会大有帮助,因为大多数攻击者在扫描大范围 IP 时都会运行基本端口扫描以节省时间。我看到从 22 切换到 40000+ 端口的访问尝试次数大幅下降。

答案2

CentOS 有 iptables。

http://wiki.centos.org/HowTos/Network/IPTables

1.) 您可以将 CentOS 配置为丢弃来自除受信任的(您的) IP 地址之外的任何人的数据包。

2.) 您可以配置 ssh 来监听非标准端口。大多数攻击来自其他受感染系统上的自动脚本。在 /etc/ssh/sshd_config 中编辑此文件

3.) 您可以将密码验证设置为“否”,并在服务器上安装您机器的 ssh 密钥。

答案3

看一下pam_shield. 它会完全阻止登录尝试失败次数过多的 IP 地址。

相关内容