3,789
edits
Changes
From Amahi Wiki
Secure SSH against brute force attacks (view source)
Revision as of 20:27, 28 August 2013
, 20:27, 28 August 2013no edit summary
This will allow a couple of failed SSH login attempts and then add a 60 second cool down. Effectively killing any interest in brute forcing the server in question.
Another tip is to disable root ssh access if you don't really need it since that is one of the most common user names used when brute forcing.
= Alternative Ports =
Another technique that can help reduce the automatic probes of the SSH port (port 22), is to use some alternative port. For instance, you could choose a port, say port 9988, and forward that (TCP) port from the outside of your router to your HDA's port 22. To connect to your HDA (in this example myhda.yourhda.com) from outside, you could then do:
ssh -p 9988 myhda.yourhda.com
If this gets old, you can avoid the -p in the client configuration. In Linux/Mac OS X systems, this can be done with the .ssh/config file, by adding:
Host myhda.yourhda.com
Port 9988
and you will not need to type the -p in ssh or other programs that use ssh, like rsync.
