Create a private key for SSH

---------- Local Machine ----------

1. Generate the key pair (private key id_rsa and public key id_rsa.pub in ~/.ssh)
ssh-keygen -t rsa

2. Change the .ssh folder permissions
chmod 700 ~/.ssh

---------- Remote Server ----------

1. Create the authorized_keys file and set the permissions
mkdir ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

2. Copy the content of id_rsa.pub (from the local machine) into ~/.ssh/authorized_keys
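The remote-server steps above, done in one idempotent function, as an added example that is not part of the original note. It assumes the public key is passed in as one line (the content of id_rsa.pub) and the target home directory as the second argument; the sample key below is constructed and is not real key material.

```shell
#!/bin/sh
# Added example: install a public key on the server side with the permissions sshd
# expects (700 on ~/.ssh, 600 on authorized_keys). Re-running it does not duplicate
# the key, so it is safe to call from a provisioning script.

# $1 = one public key line (the content of id_rsa.pub)
# $2 = home directory to install into (defaults to $HOME)
install_authorized_key() {
    key=$1
    home=${2:-$HOME}
    ssh_dir="$home/.ssh"
    auth="$ssh_dir/authorized_keys"

    # Create the directory and file with no group/other bits from the start,
    # then enforce the exact modes sshd's StrictModes checks.
    (umask 077 && mkdir -p "$ssh_dir" && touch "$auth") || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # Append only when this exact line is absent (whole-line, fixed-string match),
    # so repeated runs leave a single copy of the key.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Number of key lines currently installed under a home directory ($1).
authorized_key_count() {
    wc -l < "$1/.ssh/authorized_keys" | tr -d ' '
}

# Constructed sample key (not real key material) for a local demo:
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLEKEYMATERIALONLY user@laptop'

if [ "${1:-}" = "--demo" ]; then
    demo_home=$(mktemp -d)
    install_authorized_key "$SAMPLE_KEY" "$demo_home"
    install_authorized_key "$SAMPLE_KEY" "$demo_home"   # second run is a no-op
    echo "keys installed: $(authorized_key_count "$demo_home")"
    ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
    rm -rf "$demo_home"
fi
```

On the server, run install_authorized_key "$(cat id_rsa.pub)" as the login user after copying the public key over; from the local machine, OpenSSH's ssh-copy-id does the same job in one step. Run the file with --demo to see the behaviour in a throwaway directory.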

Reference:
https://om4.com.au/ssh-rsa-key-pairs-passphrases-leopard/
https://scotch.io/tutorials/how-to-setup-ssh-public-key-authentication

Limit SSH Login Attempts

Step 1. Set the maximum number of authentication attempts allowed per connection (MaxAuthTries)

vim /etc/ssh/sshd_config

MaxAuthTries 6

Step 2. Restart sshd

/etc/init.d/sshd restart

Step 3. Add iptables rules (log and drop, for 300 seconds, each IP address that establishes more than 10 new connections to port 22 within 300 seconds)

iptables -N SSHATTACK
iptables -A SSHATTACK -j LOG --log-prefix "iptables deny: ssh attack " --log-level 7
iptables -A SSHATTACK -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 11 -j SSHATTACK

Step 4. Save iptables

/etc/init.d/iptables save

Step 5. Route the iptables log messages to their own file, /var/log/iptables.log (the "& ~" line discards the matched messages so they are not also written to the default syslog files)

vim /etc/rsyslog.d/iptables.conf

:msg,contains,"iptables deny:" /var/log/iptables.log
& ~

Step 6. Define the log rotation policy and frequency for iptables.log

vim /etc/logrotate.d/iptables

/var/log/iptables.log {
    daily
    missingok
    notifempty
    rotate 7
    size 25M
    delaycompress
    dateext
    maxage 30
    postrotate
        /etc/init.d/rsyslog reload > /dev/null
    endscript
}

Step 7. Restart rsyslog

/etc/init.d/rsyslog restart
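Once step 5 is in place, /var/log/iptables.log records every packet the SSHATTACK chain dropped. The following is an added example (not from the original note or its references) that summarises that log per source address, so the blocks can be reviewed and a persistent offender spotted. It assumes the standard LOG target field layout (SRC=, DPT=) after the "iptables deny: ssh attack" prefix; the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: summarise which sources hit the SSHATTACK chain, reading the
# lines rsyslog writes to /var/log/iptables.log for the "iptables deny:" prefix.

# Print "<hits> <source ip>" for every source the SSHATTACK rule logged,
# most active first. $1 = path to the iptables log file.
ssh_attack_sources() {
    grep 'iptables deny: ssh attack' "$1" \
      | sed -n 's/.*SRC=\([0-9.][0-9.]*\).*DPT=22.*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2 }'
}

# Print only the sources with at least $2 hits in the log $1; useful as the
# input to a longer-term block list or an alert.
ssh_attack_sources_over() {
    ssh_attack_sources "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

# Constructed sample log written to $1: three drops from 203.0.113.5, one from
# 198.51.100.7, and one unrelated kernel line that must be ignored.
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 10:12:01 bastion kernel: iptables deny: ssh attack IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51234 DPT=22 SYN
Mar  3 10:12:02 bastion kernel: iptables deny: ssh attack IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51235 DPT=22 SYN
Mar  3 10:12:05 bastion kernel: iptables deny: ssh attack IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40001 DPT=22 SYN
Mar  3 10:12:09 bastion kernel: iptables deny: ssh attack IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51236 DPT=22 SYN
Mar  3 10:12:10 bastion kernel: eth0: link is up
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    write_sample_log "$tmp"
    echo "hits per source:"
    ssh_attack_sources "$tmp"
    echo "sources with 2 or more hits:"
    ssh_attack_sources_over "$tmp" 2
    rm -f "$tmp"
fi
```

Against the real file, ssh_attack_sources /var/log/iptables.log gives the per-source counts; because the rotation in step 6 keeps 7 dated files, pass the rotated file names to cover earlier days.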

References:
http://serverfault.com/questions/275669/ssh-sshd-how-do-i-set-max-login-attempts
http://bhira.net/iptables-for-centos/