A lot of Web devs and App devs probably login to their VPS or Cloud Server with SSH very frequently to deploy their apps or maintain the server. Needing to type the password everytime could be crumblesome and insecure. I’ll show you how to how to setup password-less SSH login and some more practical usage. This article applies to Linux and Mac users.
In your machine, use the following command
Today I have found that there is an IP in Turkey keep trying to login to my server, and I’ve found that my current settings has no protection against this brute-force login, so I did a Google search on this and would like to share with you guys.
To check if your server is currently being attacked via ssh, use this command
> tcpdump port ssh
In CentOS, the sshd config is located at /etc/ssh/sshd_config, I have uncommented the following lines:
1 2 3 | LoginGraceTime 2m MaxAuthTries 6 PermitEmptyPasswords no |
you can also limit root access, allow only certain IP to access the ssh etc, however I’m using dynamic IP ISP and I’m used to root ssh access, so I only use these settings.
Relying only on sshd_config is not enough, the attack host still keep sending login requests and could possibly paralyse the network traffic of linux box. I need to find a way to