Port knocking and listening on a high numbered non-standard port. make it harder for an attacker to even start trying to hack your connection. But this also requires you connect with a machine that you have the knock program installed on. Again, less convenient, more secure.
However, once an attacker does find your port there's nothing to stop brute force password hacking. If you look in your log file, you should see people connecting to your ssh port quite frequently and trying password attacks.
cat /var/log/auth.log
If you have a secure password then it would require days of brute force hacking to gain access to your ssh account, but even so, if you don't watch your logs then it's perfectly possible somebody will gain access eventually.
Brute force attacks can be limited using fail2ban. There's a great article on setting it up here. This program will scan your auth.log for you, using a regular expression to find failed password attempts. On a specified number of failures from a given IP, it will then modify the iptables on your machine (the firewall), to lock that IP out for a specified time.
Now instead of watching your auth.log fill up with reams of failed passwords, you'll see a greatly reduced amount of brute force attacks, and you can watch your fail2ban log file fill up with the IP addresses of hackers.
3 comments:
I just checked and break-in attempts have been happening all night for lord knows how long! Thanks for the tip.
It's sure nice to watch the list of people being banned instead of the list of people hitting your machine every few seconds.
Post a Comment