Prevent Brute Force SSH Attacks on Centos 4 VPS with Plesk

Support for security such as Firewalls and securing linux
vps76004
Posts: 5
Joined: 2008/06/13 06:00:28

Prevent Brute Force SSH Attacks on Centos 4 VPS with Plesk

Postby vps76004 » 2008/08/26 01:52:09

Hello,

I have Centos 4 VPS with Plesk installed and wanted to know the simplest way to prevent brute force SSH attacks.

The VPS has python version 2.3.4 installed.

Thanks

User avatar
toracat
Forum Moderator
Posts: 7230
Joined: 2006/09/03 16:37:24
Location: California, US
Contact:

Re: Prevent Brute Force SSH Attacks on Centos 4 VPS with Plesk

Postby toracat » 2008/08/26 03:59:53

Check out this mailing list therad (caution: very long):

http://lists.centos.org/pipermail/cento ... 61368.html

You'll find this one in that thread:

http://lists.centos.org/pipermail/cento ... 61376.html

kylehase
Posts: 25
Joined: 2006/05/13 07:23:58
Contact:

Prevent Brute Force SSH Attacks on Centos 4 VPS with Plesk

Postby kylehase » 2008/09/22 09:06:28

It may sound too simple but just changing the port from 22 to a non-ephemeral high port eliminated brute force attacks on my server. I guess it's not effective for bots to scan ports above a certain number. If they did they'd get an SSH reply on my server but I have yet to see a brute force attempt and it's been 3 years now.

Of course you should still use keys and a good passphrase.

Also remember to open the port on your firewall before restarting SSH. Your existing connection should remain connected while you restart SSHd but it's safer to open the new port and create a new SSH session before closing the first connection. Here's what I mean.

Login via ssh
edit your sshd_config port number
edit your IPtables or other firewall to allow connections from the new port
restart iptables or reload the config
restart sshd
create a new ssh connection
If that works then you can disconnect completely