paddymac Posted November 8, 2015
I recently set up a spare computer at my home to be a media server and so I can log in remotely via ssh. I have a dynamic DNS account set up so I don't have to know my IP address. Anyway, I turned on the monitor attached to it and saw that there had been a few apparently failed login attempts via ssh from a few IP addresses. I looked them up via Google, and they were from Canada, Vietnam, and China. It made me wonder if I ought to take some extra security measures since I have ports 22, 80, 443, and 25565 currently exposed to the internet. Does anyone have any suggestions for measures I ought to take?

j-g- Posted November 8, 2015
2-factor authentication with password + public keys; the Google Authenticator is also another nice option for 2-factor, and there are tutorials out there on how to do this. But basically it is about setting the AuthenticationMethods variable in sshd_config in the order in which you require them; you can also use 2 public keys. Also reevaluate if you really need 80, and maybe set up some authentication at the HTTP server level so it's more private.

Philipp Ludwig Posted November 11, 2015
You may also consider installing fail2ban, a small tool which blocks clients that supply failed login requests too often.

uudruid74 Posted November 12, 2015
Another similar tool to fail2ban is sshguard, but you might want to just get a list of Chinese IPs and permanently block them all.
More about me at https://eddon.systems
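
The "too many failed logins in a short time" rule that tools like fail2ban and sshguard apply, as an added example that is not part of any post above and is not those tools' own code. The log lines are constructed, and the threshold, window, year and the name `find_offenders` are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH's auth.log format; addresses come from the
# reserved documentation ranges, host name, users and PIDs are made up.
SAMPLE_LOG = """\
Nov  8 03:12:01 mediaserver sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Nov  8 03:12:04 mediaserver sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Nov  8 03:12:09 mediaserver sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Nov  8 03:12:15 mediaserver sshd[2105]: Invalid user test from 198.51.100.7
Nov  8 03:13:40 mediaserver sshd[2110]: Accepted publickey for paddy from 192.0.2.10 port 51000 ssh2
Nov  8 03:14:02 mediaserver sshd[2112]: Failed password for invalid user oracle from 203.0.113.5 port 40155 ssh2
Nov  8 09:30:00 mediaserver sshd[2300]: Failed password for paddy from 192.0.2.10 port 51020 ssh2
Nov  8 14:30:00 mediaserver sshd[2400]: Failed password for paddy from 192.0.2.10 port 51044 ssh2
Nov  8 20:30:00 mediaserver sshd[2500]: Failed password for paddy from 192.0.2.10 port 51068 ssh2
"""

# Matches the two common sshd failure messages and captures time and source.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+)"
)

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10), year=2015):
    """Return {ip: time of the failure that reached max_retry within find_time}."""
    recent = defaultdict(list)   # ip -> failure times still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue             # successful logins and other lines are ignored
        # Syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        # Drop failures older than the window, then record this one.
        recent[ip] = [t for t in recent[ip] if when - t <= find_time] + [when]
        if len(recent[ip]) >= max_retry and ip not in offenders:
            offenders[ip] = when
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when}")
```

The three failures from 192.0.2.10 are hours apart, so the sliding window keeps a legitimate user who mistypes occasionally from being flagged.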