by greyfade 3921 days ago
If you configure your SSH server for a limited, secure set of ciphers and HMACs, these automated attacks won't even get to the point of attempting authentication.

https://stribika.github.io/2015/01/04/secure-secure-shell.ht...

Since following the above guide, my auth log has been filled with nothing but this:

    Sep 30 09:46:00 myserver sshd[74033]: fatal: no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com server hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com [preauth]

Of course, I can't use old SSH clients to connect, but it's a good tradeoff, IMO.
1 comments

That's a very good hint, thanks.

There's only been a couple of remote ssh exploits (that I'm aware of) and both of them were stopped by white listing. If you can figure out your address ranges, I think it still makes sense to white list. I guess also the bots will catch up with modern ciphers.
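
An added example, not part of either comment: a small parser for the pre-auth negotiation failure quoted in the first comment, tallying what rejected clients offered. The first sample line is the one from the page; the other sample lines are constructed, and the assumption that cipher mismatches are logged in the same `client ... server ...` layout is mine.

```python
import re
from collections import Counter

# Layout of the sshd line quoted in the first comment. Assumption: cipher
# mismatches use the same "client ... server ..." form as the mac line.
NEG_FAIL = re.compile(
    r"sshd\[\d+\]: fatal: no matching (?P<kind>\w+) found: "
    r"client (?P<client>\S+) server (?P<server>\S+)"
)

def parse_failure(line):
    """Return kind plus both algorithm lists, or None for unrelated lines."""
    m = NEG_FAIL.search(line)
    if m is None:
        return None
    return {"kind": m["kind"],
            "client": m["client"].split(","),
            "server": m["server"].split(",")}

def summarize(lines):
    """Count failures per kind and tally every algorithm rejected clients offered."""
    kinds, offered = Counter(), Counter()
    for line in lines:
        rec = parse_failure(line)
        if rec is None:
            continue
        # A negotiation failure should mean no shared algorithm at all.
        if set(rec["client"]) & set(rec["server"]):
            raise ValueError("overlap in a 'no matching' line: " + line)
        kinds[rec["kind"]] += 1
        offered.update(rec["client"])
    return kinds, offered

SAMPLE = [
    # From the page:
    "Sep 30 09:46:00 myserver sshd[74033]: fatal: no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com server hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com [preauth]",
    # Constructed lines for illustration:
    "Sep 30 09:47:12 myserver sshd[74051]: fatal: no matching mac found: client hmac-sha1,hmac-md5 server hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com [preauth]",
    "Sep 30 09:48:30 myserver sshd[74060]: fatal: no matching cipher found: client aes128-cbc,3des-cbc server chacha20-poly1305@openssh.com,aes256-gcm@openssh.com [preauth]",
    "Sep 30 09:49:02 myserver sshd[74071]: Failed password for invalid user admin from 192.0.2.10 port 4242 ssh2",
]

if __name__ == "__main__":
    kinds, offered = summarize(SAMPLE)
    print(dict(kinds))
    for alg, n in offered.most_common():
        print(f"{n:3d}  {alg}")
```

Run over a real auth log, the per-algorithm tally shows which legacy MACs or ciphers a client would still need before the restricted list locks it out.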