If you manage one or more servers, chances are you employ SSH for remote management of that server. If you’ve checked the logs for your SSH server (you do check your logs, don’t you?), chances are you’ve seen plenty of these:
Mar 21 12:25:15 odin sshd[28010]: Did not receive identification string from 61.184.104.106
Mar 21 12:29:32 odin sshd[28011]: Invalid user webmaster from 61.184.104.106
Mar 21 12:29:33 odin sshd[28011]: pam_unix(sshd:auth): check pass; user unknown
Mar 21 12:29:33 odin sshd[28011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.184.104.106
Mar 21 12:29:35 odin sshd[28011]: Failed password for invalid user webmaster from 61.184.104.106 port 53329 ssh2
Mar 21 12:29:41 odin sshd[28013]: User root from 61.184.104.106 not allowed because none of user's groups are listed in AllowGroups
Mar 21 12:29:41 odin sshd[28013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.184.104.106 user=root
Mar 21 12:29:43 odin sshd[28013]: Failed password for invalid user root from 61.184.104.106 port 56109 ssh2
Mar 21 12:29:45 odin sshd[28015]: Invalid user ftp from 61.184.104.106
Mar 21 12:29:45 odin sshd[28015]: pam_unix(sshd:auth): check pass; user unknown
Mar 21 12:29:45 odin sshd[28015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.184.104.106
Mar 21 12:29:47 odin sshd[28015]: Failed password for invalid user ftp from 61.184.104.106 port 59859 ssh2
There’s countless ill-intentioned folks out there who would love to gain access to your system. SSH is a great doorway, all they need to do is find the key; hopefully they haven’t (but if they had, would you know?), and today I’m going to show you 4 ways to keep your server safe. I won’t harangue you on strong passwords or using public keys instead of passwords; instead, I’ll show you other measures you can take to improve the security of those mechanisms. (more…)