SSH brute force prevention
Quoted from a MyCert email:
1) Make sure the OpenSSH you’re using is up-to-date with latest patches.
2) Utilize SSH key authentication.
3) Disable SSH to accounts/users that don’t need it, especially remote root logins.
4) Or filter SSH to allow only authorized IP Address sources.
5) Avoid using generic login accounts
6) Use strong passwords, at least 8 characters long consisting of numbers and letters both upper case and lower case. Consider changing the passwords regularly, for example every 2 weeks, or every month.
7) Consider using a script that blocks an IP through iptables after a certain amount of failures.
# Drop all SSH attackers: after 5 connection attempts within 60 seconds,
# reject further attempts for 5 minutes.
# Note: the SSH chain only takes effect once a rule in INPUT jumps to it;
# that jump rule is not shown here.
iptables -N BAD-SSH
iptables -A BAD-SSH -m recent --name badSSH --set -j LOG --log-level DEBUG --log-prefix "BAD SSH : "
iptables -A BAD-SSH -j REJECT
iptables -N SSH
iptables -A SSH -p tcp ! --syn -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A SSH -p tcp --syn -m recent --name badSSH --rcheck --seconds 300 -j REJECT
iptables -A SSH -p tcp --syn -m recent --name sshconn --rcheck --seconds 60 --hitcount 5 -j BAD-SSH
iptables -A SSH -p tcp --syn -m recent --name sshconn --set
iptables -A SSH -p tcp --syn -j ACCEPT
And don't forget to add these to your firewall's flush rules:
iptables -F SSH
iptables -F BAD-SSH
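The Python model below is an added example, not part of the original post or of the MyCert advice. It replays constructed SYN arrival times from a single source through the SSH and BAD-SSH chains above to show which attempt trips the limit and how long the block lasts. It assumes the SSH chain is reached from INPUT for SSH traffic and models only the stamp counting of the recent match; the function and constant names are hypothetical.

```python
# Simplified model of the SSH / BAD-SSH chains for SYN packets from ONE source.
# It is a stand-in for the "recent" match's counting, not the netfilter code.

BLOCK_SECONDS = 300   # --name badSSH  --rcheck --seconds 300
WINDOW_SECONDS = 60   # --name sshconn --rcheck --seconds 60
HITCOUNT = 5          # --hitcount 5


def recent_rcheck(stamps, now, seconds, hitcount=1):
    """--rcheck: true if at least `hitcount` stamps fall in the last `seconds`."""
    return sum(1 for t in stamps if now - t <= seconds) >= hitcount


def simulate(syn_times):
    """Return (time, verdict) for each SYN arrival time (seconds, ascending)."""
    bad_ssh, sshconn, verdicts = [], [], []
    for now in syn_times:
        if recent_rcheck(bad_ssh, now, BLOCK_SECONDS):
            # SSH rule 2: source is on the badSSH list. --rcheck does not
            # refresh the stamp, so retries do not extend the block.
            verdicts.append((now, "REJECT (blocked)"))
        elif recent_rcheck(sshconn, now, WINDOW_SECONDS, HITCOUNT):
            # SSH rule 3 -> BAD-SSH: --set on badSSH, LOG, then REJECT.
            bad_ssh.append(now)
            verdicts.append((now, "REJECT (logged)"))
        else:
            # SSH rules 4-5: record the attempt in sshconn, then ACCEPT.
            sshconn.append(now)
            verdicts.append((now, "ACCEPT"))
    return verdicts


if __name__ == "__main__":
    # Constructed arrival times: a burst, retries during the block, a late return.
    for t, verdict in simulate([0, 5, 10, 15, 20, 25, 30, 200, 324, 326, 400]):
        print(f"t={t:>3}s  {verdict}")
```

In this model the first five SYNs inside the 60-second window are accepted and the sixth is the one that is logged and rejected; the block then ends 300 seconds after that logged packet, regardless of retries in between.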