Preventing SSH password cracking

SSH password cracking

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.The best known example application is for remote login to computer systems by users.

SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2. via_Wiki

Brute force attack
A password and cryptography attack that does not attempt to decrypt any information, but continue to try a list of different passwords, words, or letters. For example, a simple brute-force attack may have a dictionary of all words or commonly used passwords and cycle through those words until it gains access to the account. A more complex brute-force attack involves trying every key combination until the correct password is found. Due to the number of possible combinations of letters, numbers, and symbols, a brute force attack can take a long time to complete. The higher the type of encryption used (64-bit, 128-bit or 256-bit encryption), the longer it can take.
Although a brute-force attack may be able to gain access to an account eventually, these attacks can take several hours, days, months, and even years to run. The time to complete an attack depends on the password, the strength of the encryption, how well the attacker knows the target, and the strength of the computer(s) used to conduct the attack.

Prevent dictionary brute-force attacks

  • Recommend that you use ECS or other VPS webmasters do not set the password length is lower than 12, but also digital, uppercase and lowercase letters, symbols, mixed composition, to ensure security.
    Advantages: do not need to operate the server, you can directly in Ali cloud and other VPS page change.
    Disadvantages: If a hacker perseverance, sooner or later, can try out.
  • The SSH port terminal services as modified by the 22 other ports to prevent direct hacker attacks your server password guess solution
    First, modify the configuration file
    vi /etc/ssh/sshd_config
    Find # Port 22 section, here is the default use of port 22, modified as follows:
    Port 22
    Port 60000
    Then save and exit
    /etc/init.d/sshd restart
    Such SSH port will work simultaneously with 22 and 60000.
    Now edit the firewall configuration:
    vi /etc/sysconfig/iptables
    Enable port 60000
    /etc/init.d/iptables restart
    Now use the ssh tool to connect to the 60000 port to test the success. If the connection is successful, then edit the sshd_config settings, will be inside the Port 22 deleted. The reason is set to two ports, the test is successful and then close a port, is to modify the way conf in the process, in case of dropped lines, broken network, misuse and other unknown circumstances, but also through another port connection Up debugging, so as not to occur on the connection does not bring more trouble.
    Note: The port value ranges from 0 to 65535 (2 to 16), and 0 to 1024 is the port used by the system, such as port 80 of the http service. We can use the port range: 1024 to 65535 (not more than this range), this is the socket specified. Use the second method also need to set the password for the method of a said, so that the site server more secure.
    Advantages: safety coefficient  Disadvantages: cumbersome operation.