centos secure root

Today when I logged in as "root" to my box via ssh I saw 459 failed attempts. . . how do I make it so that after 2 failed attempts - it will lock the  out ?
Starquest321Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Seth SimmonsConnect With a Mentor Sr. Systems AdministratorCommented:
you can use pam_tally to configure account lockout policy though i don't recommend for root

Locking User Accounts After Too Many Login Failures
http://www.puschitz.com/SecuringLinux.shtml#LockingUserAccountsAfterTooManyLoginFailures

probably a safer option is to disable ssh access for root which still allows for su and sudo

Security Tip: Disable Root SSH Login on Linux
http://www.howtogeek.com/howto/linux/security-tip-disable-root-ssh-login-on-linux/
0
 
Starquest321Author Commented:
Another option is to somehow set some verified IP's where we can SSH from . . .
0
 
gheistConnect With a Mentor Commented:
You can use public keys only for root:
man sshd_config
    PermitRootLogin
             Specifies whether root can log in using ssh(1).  The argument
             must be “yes”, “without-password”, “forced-commands-only”, or
             “no”.  The default is “yes”.

             If this option is set to “without-password”, password authentica-
             tion is disabled for root.

             If this option is set to “forced-commands-only”, root login with
             public key authentication will be allowed, but only if the
             command option has been specified (which may be useful for taking
             remote backups even if root login is normally not allowed).  All
             other authentication methods are disabled for root.

             If this option is set to “no”, root is not allowed to log in.

Selinux will prevent access to root's public key, so you need to make peace with it first before disabling password login

Also nice idea to add trusted users to wheel group and enable that groups sudo with visudo.
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
serialbandConnect With a Mentor Commented:
Is this a public login server?  If not, change the default ssh port to something above 1024.  Don't use 22 if you don't want constant script kiddie brute force attempts.  Once they've discovered you, they'll keep attacking you from various IP addresses.

I've managed some public login servers and the logs are filled with password attempts on various accounts.  They eventually figure out your timeout period and come at you from multiple IPs and multiple servers.  I changed the ports on private servers to something other than port 22, and I get no attempts.
0
 
SandyConnect With a Mentor Commented:
Hardening needed here...

1. If password is quiet easy then change it to a complex one.
2. As Simmons suggested configure Account lockout
3. As Gheist suggested use public key to login
4. Modify the ssh port
5. Install software like HIDS to have eye on every single attempt to inject.

TY/SA
0
 
gheistConnect With a Mentor Commented:
3a use unprivileged accounts to ascend to root via sudo when needed....
0
All Courses

From novice to tech pro — start learning today.