2011-07-04

SSHD 보안

SSHD를 어쩔 수 없이 외부에 공개해야 하는 경우, 반드시 보안 처리를 해야 한다. 예상하는 것보다 상당히 많은 해킹 시도가 들어오기 때문이다. 최소한 아래 2가지 처리는 해주면 그나마 좀 낫지 않을까? 그러나 가능하다면 SSHD 포트를 열어주지 말고, VPN을 이용하기 바란다.


  • root 로그인 막기
    # vi /etc/ssh/sshd_config
    PermitRootLogin no
    # /etc/init.d/sshd restart
  • DenyHosts
    • Install (CentOS)
      # yum install denyhosts
    • 동작 확인: 어떤 IP에서 로그인에 실패하였는지 확인한다. 사실 denyhosts는 /var/log/secure 로그를 확인하여 처리하지만, lastb로 확인하여도 그다지 상관없을 것이다.
      # lastb -i
      root     ssh:notty    123.140.148.160  Mon Jul  4 06:49 - 06:49  (00:00)
      root     ssh:notty    123.140.148.160  Mon Jul  4 06:49 - 06:49  (00:00)
      root     ssh:notty    123.140.148.160  Mon Jul  4 06:49 - 06:49  (00:00)
      root     ssh:notty    123.140.148.160  Mon Jul  4 06:49 - 06:49  (00:00)
      root     ssh:notty    123.140.148.160  Mon Jul  4 06:49 - 06:49  (00:00)
      root     ssh:notty    178.18.19.114    Sun Jul  3 14:17 - 14:17  (00:00)
      root     ssh:notty    178.18.19.114    Sun Jul  3 14:17 - 14:17  (00:00)
      root     ssh:notty    178.18.19.114    Sun Jul  3 14:17 - 14:17  (00:00)
      root     ssh:notty    178.18.19.114    Sun Jul  3 14:16 - 14:16  (00:00)
      root     ssh:notty    178.18.19.114    Sun Jul  3 14:16 - 14:16  (00:00)
      root     ssh:notty    178.18.19.114    Sun Jul  3 14:16 - 14:16  (00:00)
      root     ssh:notty    211.214.218.118  Sun Jul  3 10:00 - 10:00  (00:00)
      root     ssh:notty    211.214.218.118  Sun Jul  3 10:00 - 10:00  (00:00)
      root     ssh:notty    193.253.228.193  Sun Jul  3 06:05 - 06:05  (00:00)
      root     ssh:notty    193.253.228.193  Sun Jul  3 06:04 - 06:04  (00:00)
      wcostiga ssh:notty    195.70.27.20     Sun Jul  3 01:14 - 01:14  (00:00)
      wcostiga ssh:notty    195.70.27.20     Sun Jul  3 01:14 - 01:14  (00:00)
      root     ssh:notty    221.10.252.53    Sun Jul  3 01:14 - 01:14  (00:00)
      jroyds   ssh:notty    195.70.27.20     Sun Jul  3 01:14 - 01:14  (00:00)
      jroyds   ssh:notty    195.70.27.20     Sun Jul  3 01:14 - 01:14  (00:00)
      root     ssh:notty    221.10.252.53    Sun Jul  3 01:14 - 01:14  (00:00)
      cdimasci ssh:notty    195.70.27.20     Sun Jul  3 01:14 - 01:14  (00:00)
      cdimasci ssh:notty    195.70.27.20     Sun Jul  3 01:14 - 01:14  (00:00)
      root     ssh:notty    221.10.252.53    Sun Jul  3 01:14 - 01:14  (00:00)
      goodrich ssh:notty    195.70.27.20     Sun Jul  3 01:14 - 01:14  (00:00)
      root     ssh:notty    221.10.252.53    Sun Jul  3 01:14 - 01:14  (00:00)
      goodrich ssh:notty    195.70.27.20     Sun Jul  3 01:14 - 01:14  (00:00)
      root     ssh:notty    221.10.252.53    Sun Jul  3 01:14 - 01:14  (00:00)
      
      btmp begins Sun Jul  3 01:14:34 2011
      차단 목록에 등록된 IP 확인
      # cat /etc/hosts.deny
      #
      # hosts.deny    This file describes the names of the hosts which are
      #               *not* allowed to use the local INET services, as decided
      #               by the '/usr/sbin/tcpd' server.
      #
      # The portmap line is redundant, but it is left to remind you that
      # the new secure portmap uses hosts.deny and hosts.allow.  In particular
      # you should know that NFS uses portmap!
      
      
      sshd: 221.10.252.53
      sshd: 195.70.27.20
      sshd: 193.253.228.193
      sshd: 211.214.218.118
      sshd: 178.18.19.114
      sshd: 123.140.148.160

