Modify config in /etc/ssh or ssh_config to disable support for legacy protocols. Look for the 'Protocol 2,1' line and remove the ver 1 protocol.
Also set 'PermitRootLogin no' and 'MaxAuthTries 3'
After the changes have been made run:
service ssh restart
View attack activity by looking at /var/log/auth. If you see a particular IP that keeps attacking, put an entry in /etc/hosts.deny
You can automate this process by installing the DenyHosts package. Edit it's config in /etc/denyhosts.conf and change DENY_THRESHOLD_INVALID from 5 to 2
No comments:
Post a Comment