HPE Community
Operating System - HP-UX
1832757 Members
3141 Online
110045 Solutions
New Discussion

Protecting ssh server connections

 
SOLVED
Go to solution
ballans
Advisor

‎11-22-2006 09:17 PM

‎11-22-2006 09:17 PM

Protecting ssh server connections

Hi everybody,
My server is an HP-UX B.11.23 (trusted system).
This system is a pop server with ssh activated in order to login to the server from the outside (OpenSSH_4.1).
The problem is that we are victim of ssh attacks (dictionnary attack) and the consequence is that the root account is locked. All days, I have to reactivate my root account. In addition, it causes problem for maintennace operation...
In the sshd_config file I add the following line :
PermitRootLogin no
but it seems to not blocking the attempt...
So, I would like to block IP address which try to log on my ssh server with too many unsuccesfull attempt...
Could you please advice me for the best solution ? Maybe I found a way with the use of keep state in ipfilter. Is it a good solution in my case ?

Thanks in advance for your replies.
Herve
0 Kudos
Reply
4 REPLIES 4
Steven E. Protter
Exalted Contributor

‎11-22-2006 09:57 PM

‎11-22-2006 09:57 PM

Solution

Re: Protecting ssh server connections

Shalom,

Options:
1) Install HP ipfilter from http://software.hp.com (its free) and set the system up to limit where ssh connections can come from.
2) Use a firewall to do the same thing.

We had the same problem with our web servers and stopped it by limiting inbound ssh to our 30 or so offices world-wide.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Steven E. Protter
Exalted Contributor

‎11-22-2006 09:58 PM

‎11-22-2006 09:58 PM

Re: Protecting ssh server connections

I forgot something.

I wrote an hp daemon that uses the syslog to detect invalid login attempts and block those IP's. If you want it, I can crank up a system with it and give it to you.

You may use my itrc profile to reach out to me for it. I think however my first approach is better.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Ivan Krastev
Honored Contributor

‎11-22-2006 10:42 PM

‎11-22-2006 10:42 PM

Re: Protecting ssh server connections

You can use also :

AllowUsers user1,user2,..., userx

in sshd_config

without root user.


regards,
ivan
0 Kudos
Reply
rariasn
Honored Contributor

‎11-22-2006 11:04 PM

‎11-22-2006 11:04 PM

Re: Protecting ssh server connections

Hi,

Modify file /etc/opt/ssh/sshd_config

permitRootLogin no

Restart sshd daemon.

rgs.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.