One technique for securing OpenSSH is to filter which hosts are allowed to access your server through SSH. This technique will protect us from OpenSSH brute-force attacks. To filter the hosts that are allowed to connect to port 22 (the SSH port), we can use a firewall. You can use either ConfigServer Security & Firewall (CSF) or denyhosts. Both are free to use. To use CSF you may need cPanel for easy configuration, so let's choose denyhosts instead.
[quote]DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).[/quote]
Installing denyhosts on an Ubuntu server to secure OpenSSH is easy, since it is available in the Ubuntu repository:
sudo apt-get install denyhosts
After installation, you can tweak the denyhosts configuration in /etc/denyhosts.conf:
# if you want to receive email for new blocked host
ADMIN_EMAIL = [email protected]
Now we need to edit /etc/hosts.allow to make sure that our own hosts won't be blocked:
vim /etc/hosts.allow
# insert
sshd: 192.168.1.0/255.255.255.0
sshd: 192.168.10.5/25
Save and restart denyhosts service:
/etc/init.d/denyhosts restart
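Before relying on the whitelist, it is worth confirming that your own address is really covered by an sshd entry. The following is an added example, not part of the original post: it applies the net/mask rule from hosts_access(5) (an address matches when address AND mask equals the net part) to the entries above and flags any entry that can never match. It handles IPv4 only, assumes a prefix length such as /25 is accepted as a mask, and its function names are hypothetical.

```python
import ipaddress

# Constructed sample input: the sshd entries shown in this post.
SAMPLE_HOSTS_ALLOW = """\
# /etc/hosts.allow
sshd: 192.168.1.0/255.255.255.0
sshd: 192.168.10.5/25
"""

def sshd_patterns(text):
    """Yield every client pattern from lines whose daemon list includes sshd."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # ignore an optional third field
        if "sshd" in daemons.replace(",", " ").split():
            yield from clients.replace(",", " ").split()

def pattern_matches(pattern, addr):
    """hosts_access(5) net/mask rule: match if (addr & mask) == net."""
    if "/" not in pattern:
        return pattern == addr    # plain address only; names and wildcards not handled
    ip = int(ipaddress.IPv4Address(addr))
    net_tok, mask_tok = pattern.split("/", 1)
    net = int(ipaddress.IPv4Address(net_tok))
    if mask_tok.isdigit():        # prefix length form (assumed supported)
        mask = (0xFFFFFFFF << (32 - int(mask_tok))) & 0xFFFFFFFF
    else:                         # dotted netmask form
        mask = int(ipaddress.IPv4Address(mask_tok))
    return (ip & mask) == net

def check(text, admin_ip):
    """Return (entries covering admin_ip, entries that can never match)."""
    pats = list(sshd_patterns(text))
    covered = [p for p in pats if pattern_matches(p, admin_ip)]
    # If the net part does not match itself, it has bits outside the mask.
    dead = [p for p in pats
            if "/" in p and not pattern_matches(p, p.split("/")[0])]
    return covered, dead

if __name__ == "__main__":
    for ip in ("192.168.1.50", "192.168.10.5"):
        covered, dead = check(SAMPLE_HOSTS_ALLOW, ip)
        print(ip, "covered by:", covered or "nothing")
    print("entries that can never match:", dead)
```

To check a real server, pass the contents of /etc/hosts.allow and the address you administer from to `check()`.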
This is just one preventive technique: securing the OpenSSH connection by filtering host access. It's not enough to secure your SSH line, but it is enough to start with. There is still more work to do to secure OpenSSH. I will write more, so stay tuned.