Today I found that an IP in Turkey keeps trying to log in to my server, and I found that my current settings have no protection against this brute-force login, so I did a Google search on this and would like to share it with you guys.
To check if your server is currently being attacked via ssh, use this command:
> tcpdump port ssh
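As a complement to the tcpdump check above, the sshd log can be summarised by source address to see who is generating the failed logins. This is an added example, not part of the original post; it assumes the OpenSSH log format written to /var/log/secure on CentOS, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source address.
# Assumption: OpenSSH syslog lines as found in /var/log/secure on CentOS.

# failed_by_ip [FILE]: print "COUNT IP" per source, busiest first.
# Reads stdin when no file is given.
failed_by_ip() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name in the log line is chosen by the remote client
            # and may itself contain the word "from", so take the address
            # after the LAST "from" by scanning right to left.
            for (i = NF - 1; i > 0; i--) {
                if ($i == "from") { count[$(i + 1)]++; break }
            }
        }
        END { for (ip in count) print count[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# suspects THRESHOLD [FILE]: print only addresses with at least THRESHOLD failures.
suspects() {
    threshold=$1; shift
    failed_by_ip "$@" | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Constructed sample lines (documentation address ranges, not real hosts).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 box sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:15:03 box sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:15:05 box sshd[2105]: Failed password for invalid user from from 203.0.113.7 port 51144 ssh2
Mar  3 10:16:40 box sshd[2110]: Accepted password for root from 198.51.100.20 port 40022 ssh2
Mar  3 10:17:12 box sshd[2114]: Failed password for root from 198.51.100.20 port 40031 ssh2
EOF
}

# Stand-alone run: summarise the constructed sample.
sample_log | failed_by_ip
```

On a real server, run `failed_by_ip /var/log/secure` as root to get the same summary from the live log.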
In CentOS, the sshd config is located at /etc/ssh/sshd_config. I have uncommented the following lines:
You can also limit root access, allow only certain IPs to access ssh, etc. However, I’m using a dynamic-IP ISP and I’m used to root ssh access, so I only use these settings.
Relying only on sshd_config is not enough: the attacking host still keeps sending login requests and could possibly paralyse the network traffic of the Linux box. I need to find a way to