Force attacks against SSH
Lately i've been amazed how much attacks i encounter against my SSH port.I've been look at various solution to calm those annoyings intruders
I come up with few goods things that you might also do to protect further your logger :
- SSH keys
- Sshguard or Fail2ban
- Port knocking
First, i explain how i setup a simple while powerful protection with SSH keys. The aim is to allow only recognized computers to access your logger.
You'll need to create SSH keys pair on your client : one will be public, the other one private which must be stored securely. The private key have a passphrase.
On a Linux system, it's simple to do so with ssh-keygen -b 4096
On a Windows system, read that guide about PuTTYgen.
Then, you must copy your public key on your logger. On linux you can do so with ssh-copy-id email@example.com.
On Windows, you should log in and edit vi ~/.ssh/authorized_keys. Paste the public key into the authorized_keys file.
Once you do that, you can systemctl restart sshd and test if all is ok with the new ssh authentication :
From Linux : just log as usual
From Windows : In PuTTY, put your keys into Connection > SSH > Auth. In WinSCP Advanded > SSH > Authentication.
Edit /etc/ssh/sshd_config and set PasswordAuthentication no and then again systemctl restart sshd.
Beware, if you mess up you won't be able to remote access your logger, only a local access will be possible.
This would make your logger bullet proof to brute-force attacks
I'll explain Sshguard next.