• Status: Solved

SSH Lockdown

I recently had a break-in attempt via ssh on my server at home. I'm running Ubuntu 12.04 with the openssh-server 1:5.9p1-5ubuntu1 package. I primarily use SSH on my cellphone, which is running on T-Mobile's network. Is there any way to only allow IPs from this provider? Is there maybe a better way for me to lock down my system?
1 Solution
You could change the port number that SSH listens on.
Jan Springer Commented:
In your sshd_config:

Don't allow root login
Set for version 2 only
Configure 'AllowUsers' and specify usernames

And, if you can create a private/public key, upload your public key to the .ssh/authorized_keys2 file.

Run fail2ban.
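An added example, not written by any poster in this thread: a small Python audit that checks an sshd_config for the settings suggested here (PermitRootLogin, Protocol, AllowUsers, and a non-default port). The sample config, the user names and the rule that each setting must be set explicitly are assumptions of this example.

```python
import re

# Constructed sample: not taken from the thread.
SAMPLE_CONFIG = """\
Port 22
protocol 2
PermitRootLogin yes
PermitRootLogin no
#AllowUsers alice
Match User backup
    AllowUsers backup
"""

def parse_global(text):
    """Return {keyword_lower: value} for the global section.
    sshd keywords are case-insensitive and the first value obtained for a
    keyword is the one used, so later duplicates are ignored. Parsing stops
    at the first Match block because settings there apply conditionally.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings

def audit(text):
    """List findings for the settings recommended in the thread."""
    cfg = parse_global(text)
    findings = []
    if cfg.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    if cfg.get("protocol") != "2":
        findings.append("Protocol is not explicitly '2'")
    if not cfg.get("allowusers"):
        findings.append("AllowUsers is not set globally")
    if cfg.get("port", "22") == "22":
        findings.append("Port is still 22")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

In the sample, the second `PermitRootLogin no` line has no effect because the earlier `yes` is the value sshd uses, and the `AllowUsers` inside the Match block does not restrict other users.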
I found moving the port to a different number to be the quickest and simplest way. It immediately stops attacks. The next step is to install fail2ban for future attacks, in case someone finds your new port number.
kjenney Author Commented:
Fail2ban is a great little app! I used all of jesper's recommendations, very helpful!
Just FYI. By default, Ubuntu prevents you from logging in as root, so blocking root login in sshd is redundant.