[mdlug] Restricted Remote Access Script

David Favro mdlug at meta-dynamic.com
Sat Jan 13 05:22:55 EST 2007


Michael S. Mikowski wrote:
> My remote machine is getting hit with 1500+ dictionary 
> login attempts per day, and I think it's time to consider 
> locking down ssh.
>   
I'm not the OP but I can tell you that I used to get hammered, then
changed my sshd to a non-traditional port, and the attack attempts
dropped to essentially 0.  Simple but effective.

I've never heard of this "reverse ssh": googling on it turns up a lot of
matches for a tunneling procedure described here:
http://gentoo-wiki.com/TIP_SSH_Reverse_Tunnel
that isn't for security but rather overcoming firewalls, and I think
that there are much better ways to do this (e.g. OpenVPN over UDP to an
unblocked port such as DNS).  If this *is* what the OP described, this
type of tunneling (TCP inside TCP) will result in very bad performance
if you get any significant packet loss, *and* it requires an
intermediate "proxy" machine, *and* it doesn't increase your security
any more than just changing the port that sshd listens on, which is to
say, not much at all in any absolute sense.  If that's *not* what the OP
described, please forward it to the list, because I'm interested.

Whatever your solution, however, you shouldn't rely on not seeing people
doing dictionary attacks (e.g. because you change the port or do this
"reverse" procedure) as your security: your sshd should be able to
withstand dictionary attacks.  Consider disallowing password logins, and
rely on ssh's public-key authentication instead.  I didn't like getting
hammered with login attempts because it ate network and computer
resources, and there's no need to encourage people to try, but I'm not
nervous if they do, I don't think they will get in -- but of course,
there are no absolutes in security: the only truly secure computer is
turned off and kept in a bank vault! :-)

Cheers,
David
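
Added example, not part of the original post: a small Python check that reads sshd_config text and reports whether password-style logins are still accepted, which is the setting the message recommends turning off. The default values, the sample configs and the function name audit_sshd_config are assumptions made for this illustration; Include files and "Match all" are not handled.

```python
import re

# Assumed OpenSSH defaults when a keyword is absent; verify with `man sshd_config`.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_KEYS = ("passwordauthentication", "kbdinteractiveauthentication")

def audit_sshd_config(text):
    """Return findings about password-style login paths left open."""
    effective, findings, in_match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out setting changes nothing
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            in_match = value
        elif in_match is None:
            # sshd keeps the first value it reads for each global keyword.
            effective.setdefault(key, value.lower())
        elif key in PASSWORD_KEYS and value.lower() == "yes":
            findings.append(f"Match {in_match}: {key} re-enabled")
    for key, default in DEFAULTS.items():
        value = effective.get(key, default)
        if key == "pubkeyauthentication":
            if value != "yes":
                findings.append("pubkeyauthentication is off: key logins will fail")
        elif value != "no":
            findings.append(f"{key} is '{value}': password-style logins may be accepted")
    return findings

# Constructed sample configs, not taken from any real host.
WEAK = """\
Port 2222
#PasswordAuthentication no
"""
MATCH_OVERRIDE = """\
Port 2222
PasswordAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
"""
```

The WEAK sample moves the port but yields two findings, because the commented-out line leaves the defaults in force; MATCH_OVERRIDE is clean globally (the later global "yes" is ignored) but is flagged for the Match block.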