One of the biggest increases in attacks I've seen lately is brute force attacks on SSH. Aside from any vulnerabilities your server may have, a misconfigured SSH service lets brute force crackers wreak havoc on your system. I cannot tell you the number of attempts I've seen on machines that are open to the world for SSH and aren't configured well. Malicious idiots are abundant in the world, and they will attempt access to your box by whatever means necessary. Many use port scanners and run them across a whole netblock (in layman's terms, an entire network, such as an ISP's address range). They scan for hosts that are listening for SSH (among other services), log them, and put them into their pool of machines to attack. They stop at nothing to break in, and against a server that accepts password logins, given time and a weak enough password, they will get in.

One of the most crucial single steps you can take to eliminate this type of attack is switching to SSH key (public key) authentication. It takes a minute or two to generate a key pair, and once it is in place and password logins are turned off, a password guesser has nothing left to guess: the server only accepts a client that holds your private key. In /etc/ssh/sshd_config you want to set:

PermitRootLogin no

PubkeyAuthentication yes

PasswordAuthentication no

(The keyword is PubkeyAuthentication with a lowercase k; sshd rejects the whole file on an unknown keyword.) On systems where sshd uses PAM, also set ChallengeResponseAuthentication no (on OpenSSH 8.7 and later the old name is an alias of KbdInteractiveAuthentication, and either spelling works); otherwise PAM can still prompt for a password through keyboard-interactive authentication and you have disabled nothing. Check the edited file with sshd -t, and keep your current session open while you reload sshd and test a fresh login from a second terminal, so a typo cannot lock you out.

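As an added example (this is not the original post's code), the following script applies the directives above to a copy of sshd_config and reads back what sshd would actually use. It encodes two rules that catch people out: sshd takes the first value it sees for a keyword, so a commented-out or later duplicate must not be allowed to win, and directives inside a Match block apply only to that block, so they are left alone. The sample config it operates on is constructed for the demo; the function names are this example's own.

```sh
#!/bin/sh
# Added example, not code from the original post: apply the hardening
# directives to a copy of sshd_config and read back what sshd would use.
# sshd takes the FIRST value it sees for a keyword, so each directive is
# stripped from the global section (active or commented out) and re-inserted
# at the very top, ahead of any Include or Match block.

# set_directive FILE KEYWORD VALUE
set_directive() {
    _file=$1; _key=$2; _value=$3
    _tmp="$_file.tmp.$$"
    awk -v k="$(printf '%s' "$_key" | tr 'A-Z' 'a-z')" -v line="$_key $_value" '
        BEGIN { print line }                      # our value first, so it wins
        tolower($1) == "match" { inmatch = 1 }    # leave Match blocks untouched
        !inmatch {
            l = $0
            sub(/^[ \t]*#?[ \t]*/, "", l)         # strip indent and comment marker
            split(l, f, /[ \t]+/)
            if (tolower(f[1]) == k) next          # drop old global copies (keywords are case-insensitive)
        }
        { print }
    ' "$_file" > "$_tmp" && cat "$_tmp" > "$_file"   # cat, not mv: keep the file's owner and mode
    rm -f "$_tmp"
}

# effective_setting FILE KEYWORD: print the value sshd applies globally
# (first active occurrence before any Match block), or nothing if unset.
effective_setting() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }                       # comment
        NF == 0 { next }                          # blank line
        tolower($1) == "match" { exit }           # globals must precede Match blocks
        tolower($1) == k { print $2; exit }       # first occurrence wins
    ' "$1"
}

# harden_sshd_config FILE: the settings from the post, plus the
# keyboard-interactive switch a PAM password prompt would otherwise use.
harden_sshd_config() {
    set_directive "$1" PermitRootLogin no
    set_directive "$1" PubkeyAuthentication yes
    set_directive "$1" PasswordAuthentication no
    # Older keyword name; OpenSSH 8.7+ accepts it as an alias of KbdInteractiveAuthentication.
    set_directive "$1" ChallengeResponseAuthentication no
}

# Stand-alone demo on a constructed config. Never run this against the live
# /etc/ssh/sshd_config without a backup and an `sshd -t` check before reloading.
demo_sshd_hardening() {
    _cfg=$(mktemp) || return 1
    cat > "$_cfg" <<'EOF'
# Constructed sample sshd_config for the demo
Port 22
#PermitRootLogin prohibit-password
PasswordAuthentication yes
ChallengeResponseAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
    harden_sshd_config "$_cfg"
    for k in PermitRootLogin PubkeyAuthentication PasswordAuthentication ChallengeResponseAuthentication; do
        printf '%s = %s\n' "$k" "$(effective_setting "$_cfg" "$k")"
    done
    rm -f "$_cfg"
}

demo_sshd_hardening
```

On distributions whose sshd_config starts with an Include of /etc/ssh/sshd_config.d/, a drop-in file there is the cleaner way to do the same thing, and the first-value rule still applies: the drop-in is read at the point of the Include, before anything below it.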
Generating an SSH key pair is simple; from a command line you type:

$ ssh-keygen

(ssh-keygen -t ed25519 gives a smaller, faster key on any reasonably current OpenSSH; older releases default to RSA.) It will ask where you want to put the key, and the default location is a safe choice (/home/<user>/.ssh/id_rsa for an RSA key, with the public half written next to it as id_rsa.pub).

Protecting the private key with a passphrase is the safest practice (ssh-agent means you only type it once per session). It is acceptable to leave it blank, but then the private key file is the only thing standing between an attacker and your server, so it must never leave your own machine: transfer only the public key (id_rsa.pub) to the servers you want to reach, preferably over an encrypted connection, and never copy the private key onto a shared computer such as one at a library.

The only file the server needs is id_rsa.pub. Append its contents to ~/.ssh/authorized_keys on every machine you want to reach remotely (ssh-copy-id user@host does exactly this), make sure ~/.ssh is mode 700 and authorized_keys mode 600 (sshd's StrictModes silently ignores the file otherwise), then log in once with the key before you turn password authentication off.
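
The key-installation step above, as an added example written for this page rather than taken from it: a shell function that does on the server what ssh-copy-id does from the client. It refuses anything that does not look like a public key line (pasting the private key by mistake is a real failure mode), skips a key that is already present even if its comment differs, and sets the directory and file modes sshd requires. The sample key line is constructed filler, not real key material, and the function name is this example's own.

```sh
#!/bin/sh
# Added example, not code from the original post: install a public key line
# into a user's authorized_keys the way ssh-copy-id does, with the modes that
# sshd's StrictModes insists on. Runs on the server; the client-side steps are
#   ssh-keygen -t ed25519
#   ssh-copy-id -i ~/.ssh/id_ed25519.pub user@server

# install_pubkey PUBKEY_LINE [SSH_DIR]
# Appends PUBKEY_LINE to SSH_DIR/authorized_keys (default ~/.ssh) unless the
# same key is already there. Returns 1 for a malformed line.
install_pubkey() {
    _pub=$1
    _dir=${2:-"$HOME/.ssh"}
    _ak="$_dir/authorized_keys"
    # Sanity check: "<type> <base64> [comment]" with a key type sshd knows.
    # Catches the classic mistake of pasting the PRIVATE key file here.
    case $_pub in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp*\ *|sk-ssh-ed25519@openssh.com\ *) ;;
        *) printf 'not a public key line: %s\n' "$_pub" >&2; return 1 ;;
    esac
    # The key proper is the first two fields; the trailing comment may differ
    # between copies of the same key, so compare only those.
    _id=$(printf '%s\n' "$_pub" | awk '{ print $1 " " $2 }')
    mkdir -p "$_dir" && chmod 700 "$_dir" || return 1
    touch "$_ak" && chmod 600 "$_ak" || return 1
    # Lines with a leading options field (from="...", command="...") are not
    # matched here; this example only handles plain key lines.
    if awk -v id="$_id" '($1 " " $2) == id { found = 1 } END { exit !found }' "$_ak"; then
        return 0        # already installed, nothing to do
    fi
    printf '%s\n' "$_pub" >> "$_ak"
}

# Constructed sample public key line (filler, NOT real key material).
SAMPLE_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialNotARealKey laptop'

# Stand-alone demo in a scratch directory instead of the real ~/.ssh.
demo_install_pubkey() {
    _d=$(mktemp -d) || return 1
    install_pubkey "$SAMPLE_PUB" "$_d"
    install_pubkey "$SAMPLE_PUB" "$_d"          # second install is a no-op
    install_pubkey "not a key at all" "$_d"      # rejected, returns 1
    printf 'keys installed: %s\n' "$(grep -c '^ssh-' "$_d/authorized_keys")"
    ls -ld "$_d" "$_d/authorized_keys"
    rm -rf "$_d"
}

demo_install_pubkey
```

Before disabling PasswordAuthentication, open a second terminal and confirm that ssh user@server logs you in with the key and without a password prompt; if sshd falls back to asking for a password, the usual culprits are the modes checked above or a home directory writable by other users.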

There are also good tools for the case where you want to keep password logins. denyhosts watches your auth log for repeated failed attempts and writes the offending address into /etc/hosts.deny so that host can no longer connect. Two caveats: it relies on TCP wrappers, which OpenSSH dropped in 6.7 (some distributions carried a patch for a while), so confirm your sshd build still honours hosts.deny; and fail2ban, which blocks with firewall rules instead, is the more common choice today. Either way, treat these as a supplement: they slow guessing down, while key-only authentication stops it.
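
To show what such a log watcher is actually doing, here is an added example (not the original post's code, and not denyhosts' own implementation): it counts failed sshd password logins per source address over a few constructed auth.log lines and prints the offenders in hosts.deny syntax. The log lines are made up for the demo and use documentation address ranges; the function names and the threshold are this example's own.

```sh
#!/bin/sh
# Added example, not code from the original post: the core of what denyhosts
# and fail2ban do, on a few constructed auth.log lines. Counts failed sshd
# password logins per source address and prints the offenders as
# /etc/hosts.deny entries once they cross a threshold.

# Constructed sample log (not real traffic). Two guessers, one legitimate
# user who mistyped once and then got in with a key.
SAMPLE_AUTH_LOG='Mar  3 02:11:07 web sshd[2181]: Failed password for root from 203.0.113.5 port 41312 ssh2
Mar  3 02:11:09 web sshd[2181]: Failed password for root from 203.0.113.5 port 41312 ssh2
Mar  3 02:11:12 web sshd[2184]: Failed password for invalid user admin from 203.0.113.5 port 41320 ssh2
Mar  3 02:11:15 web sshd[2187]: Invalid user oracle from 198.51.100.7 port 50022
Mar  3 02:11:16 web sshd[2187]: Failed password for invalid user oracle from 198.51.100.7 port 50022 ssh2
Mar  3 02:11:20 web sshd[2190]: Failed password for invalid user test from 198.51.100.7 port 50030 ssh2
Mar  3 02:12:01 web sshd[2201]: Failed password for alice from 192.0.2.44 port 60000 ssh2
Mar  3 02:12:04 web sshd[2201]: Accepted publickey for alice from 192.0.2.44 port 60000 ssh2: ED25519 SHA256:constructed
Mar  3 02:12:30 web sshd[2210]: Failed password for root from 203.0.113.5 port 41400 ssh2'

# failed_logins_per_source < LOG
# Prints "<count> <ip>" per source, most active first. Only "Failed password"
# lines from sshd count; "Invalid user" is logged before the password attempt
# for the same connection and would double-count it.
failed_logins_per_source() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
             # the source address is the field right after "from"
             for (i = 1; i < NF; i++) if ($i == "from") n[$(i+1)]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# hosts_deny_lines THRESHOLD < LOG
# TCP-wrappers lines for every source with THRESHOLD or more failures; this is
# the format denyhosts appends to /etc/hosts.deny.
hosts_deny_lines() {
    failed_logins_per_source | awk -v t="$1" '$1 >= t { print "sshd: " $2 }'
}

# Stand-alone demo: three failures in the window earns a block.
printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_logins_per_source
printf '%s\n' "$SAMPLE_AUTH_LOG" | hosts_deny_lines 3
```

Note what the threshold buys you: alice's single typo from 192.0.2.44 is not blocked, while 203.0.113.5 is. A real watcher also expires entries after a while and whitelists your own management addresses, because the same logic can lock you out after a few mistyped passwords.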

That's it for now; time does not permit more detail. I hope this helps those of you out there with insecure SSH settings!