Protecting a Server Against SSH Dictionary Attacks

If you are running a Linux VPS, you’ll notice that bots will try to gain illegitimate access to your server through SSH. While this unsettles a lot of people, there’s really nothing to worry about as long as you don’t permit root logins (many Linux distributions allow direct root login via SSH by default) and have a strong password policy.

About DenyHosts

DenyHosts monitors the authentication log for recent failed login attempts. It records information about their originating IP addresses and compares the number of invalid attempts to a user-specified threshold. If there have been too many invalid attempts, it assumes a dictionary attack is occurring and prevents the IP address from making any further attempts by adding it to /etc/hosts.deny on the server.

DenyHosts 2.0 and later supports centralized synchronization, so that repeated offenders are blocked from many computers. Denyhosts.net gathers statistical information from machines that are running the software.
DenyHosts may be run manually, as a daemon, or as a Cron job.
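
The count-and-threshold behaviour described above, sketched as an added example (this is not DenyHosts' own code): it parses constructed sshd log lines, counts failed passwords per source address, and returns the hosts.deny text with new offenders appended. The log line format, the threshold value and all function names are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed auth-log sample; addresses are from documentation ranges.
SAMPLE_LOG = """\
Apr  6 10:01:02 vps sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Apr  6 10:01:04 vps sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Apr  6 10:01:07 vps sshd[1207]: Failed password for invalid user test from 203.0.113.7 port 40141 ssh2
Apr  6 10:02:11 vps sshd[1215]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Apr  6 10:02:30 vps sshd[1219]: Accepted password for alice from 198.51.100.20 port 51520 ssh2
Apr  6 10:03:00 vps sshd[1230]: Invalid user oracle from 192.0.2.44
Apr  6 10:03:02 vps sshd[1230]: Failed password for invalid user oracle from 192.0.2.44 port 33990 ssh2
"""

# The user name is text supplied by the remote client, so the address is
# taken from the fixed tail of the line ("from <ip> port <n> ssh2").
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from "
    r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")


def count_failures(log_text):
    """Count failed password attempts per source address."""
    failures = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            failures[match.group(1)] += 1
    return failures


def offenders(failures, threshold):
    """Addresses whose failure count exceeds the (assumed) threshold."""
    return sorted(ip for ip, n in failures.items() if n > threshold)


def updated_hosts_deny(existing, log_text, threshold):
    """Return hosts.deny text with new offenders appended (no file I/O)."""
    denied = {l.split(":", 1)[1].strip() for l in existing.splitlines()
              if l.startswith("sshd:")}
    new = [ip for ip in offenders(count_failures(log_text), threshold)
           if ip not in denied]
    return existing + "".join("sshd: %s\n" % ip for ip in new)


if __name__ == "__main__":
    print(updated_hosts_deny("sshd: 192.0.2.1\n", SAMPLE_LOG, threshold=2), end="")
```

The single failed attempt from 198.51.100.20 is a legitimate user mistyping a password, which is why the threshold matters: setting it too low locks out real users.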

Installing DenyHosts on a FreeBSD VPS server

1. In order to install DenyHosts run the command as root:

# cd /usr/ports/security/denyhosts && make install clean

2. Open /etc/rc.conf to add the lines

denyhosts_enable="YES"
syslogd_flags="-c"

3. Edit /etc/hosts.allow and add the lines

sshd : /etc/hosts.deniedssh : deny
sshd : ALL : allow

4. Make sure that the hosts.deniedssh file exists and has correct permissions:

touch /etc/hosts.deniedssh
chmod 644 /etc/hosts.deniedssh
chown root:wheel /etc/hosts.deniedssh

Edit the configuration file /usr/local/etc/denyhosts.conf.

5. Run

# /usr/local/etc/rc.d/denyhosts start

Installing DenyHosts on Debian VPS

1. cd /tmp

2. Download the archive

wget http://space.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz

3. Unpack the tarball using the command

tar -xzf DenyHosts-2.6.tar.gz

4. Enter the extracted source directory

cd DenyHosts-2.6

5. Run

python setup.py install

6. Create the /usr/share/denyhosts/denyhosts.cfg configuration file. We can use the sample configuration file /usr/share/denyhosts/denyhosts.cfg-dist:

cd /usr/share/denyhosts
cp denyhosts.cfg-dist denyhosts.cfg

Edit denyhosts.cfg with your favourite editor, such as vi.

7. If you want to run DenyHosts as a daemon, you will need the daemon control script /usr/share/denyhosts/daemon-control. You can use the sample script /usr/share/denyhosts/daemon-control-dist to create the file:

cp daemon-control-dist daemon-control

8. Edit /usr/share/denyhosts/daemon-control and make sure you set the correct values for DENYHOSTS_BIN, DENYHOSTS_LOCK, and DENYHOSTS_CFG. For Debian:

DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"

9. Make this file executable:

chown root daemon-control
chmod 700 daemon-control

Create the system bootup links to start DenyHosts automatically when the system is booted:

cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts
update-rc.d denyhosts defaults

10. Start DenyHosts:

/etc/init.d/denyhosts start

See also:

denyhosts.sourceforge.net

Posted on April 6, 2010