brute
SSH Login Timeout – Password Authentication
Feb 6th
SSH login timeouts are not very effective at preventing unauthorized login attempts. Most ssh attacks are scripted attached launched by automatic mechanisms. The scripts most likely will use dictionary based brute force attacks that insert the password very quickly. Setting the login timeout very low will most likely not prevent such scripted attacks, and will only hinder the ability for a legitimate user to login successfully within the allocated amount of time. Set the login timeout to 60 seconds; I have set it to 5 seconds and it only caused problems for actual user logins.
Gnome Session Over SSH
Sep 5th
This is a cool one, far better than just a vnc connection. Even better than an X11vnc connection. Head over to another tty, lets say tty2: (cntrl)(alt)f2. Login, and start another X session: xinit -- :1 A minimal X session will start. Now login via ssh to your server. For example I login with this: ssh -X -C 192.168.0.1 Where -X forwards the X session, -C uses compression, and 192.168.0.1 is an example IP address of a server. If your sever is hosting a website using a domain, you can point the ssh connection at the domain. Also I recommend using rsa keys for the ssh connection, as it prevents brute force password attacks. For more information check here: http://www.bgevolution.com/blog/ssh-brute-force-protection/ After logged in via ssh start your Gnome desktop with: gnome-session Your desktop will start just as if you were sitting in front of your computer. Some things wont work like the notifications panel, because one is already launched on the server desktop. Other gnome panel applets may not launch, but your desktop overall will work.
DOS and Brute Force Prevention Using Fail2ban
Mar 16th
Dealing with dos and brute force attacks can be a daunting challenge. You can manually adjust your firewall to block particular ip addresses, but why not automate the process? What if a program can monitor your authentication, and other log files for suspicious activity? In these log files is a tremendous amount of info about failed login attempts, and how many times an ip address connects to your web server. Using this information a program can automatically adjust your firewall to block the offending ip addresses. Fail2ban does just this. The program automatically monitors the log files of many programs. Most important is apache, and ssh. http://www.fail2ban.org/wiki/index.php/Main_Page
