...

Normally, permitting root login over SSH on Ubuntu is not a security issue, because the root account is simply disabled in the OS. In this example, we are using a hosted Ubuntu system where the automated setup has the root account enabled. This is dangerous because attackers look for Unix/Linux boxes and try to log in via SSH using the username root and a list of common passwords.

Note

I am not going down the route of disabling the root account, as this might break the hosted Ubuntu setup. For example, Slice's or Rackspace's special terminal console login might stop working. In any event, the vector of attack is SSH login. To prevent users from using root, don't provide the root password, and provide sudo-privileged accounts as shown in this article.

 


Connect to SSH as a staff user and edit sshd_config,

...

Fail2ban makes this kind of attack more difficult. After a chosen number of failed login attempts from the same IP address, fail2ban blocks that IP address for a set period of time. As constantly changing IP addresses is not a trivial task, the attacker may move on to another system.

HOWEVER, you can still be compromised within a few days if you are only using username and password authentication. If your SSH authentication is available on the Internet, you must switch to SSH Key Authentication as soon as possible.

```bash
sudo apt-get install fail2ban
```
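A check for the two SSH settings this page is concerned with, root login and password authentication, as an added example that is not part of the original page. The function names and the sample file are assumptions; the script reads only the global section of one sshd_config-style file and does not follow Include directives.

```bash
#!/usr/bin/env bash
# Added example: report the global PermitRootLogin / PasswordAuthentication
# values in an sshd_config-style file. Function names are hypothetical.

# Print the first global value of keyword $2 in file $1 (lowercased), or
# "unset". sshd treats keywords case-insensitively and uses the first value
# it reads for a keyword, so a later duplicate line has no effect.
# Parsing stops at the first Match block; Include files are not followed.
sshd_setting() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only if root SSH login is refused and password logins are off.
audit_sshd() {
    local file="$1" root pass status=0
    root="$(sshd_setting "$file" PermitRootLogin)"
    pass="$(sshd_setting "$file" PasswordAuthentication)"
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin=$root (want: no)"; status=1
    fi
    if [ "$pass" != "no" ]; then
        echo "FAIL PasswordAuthentication=$pass (want: no, keys only)"; status=1
    fi
    [ "$status" -eq 0 ] && echo "OK root login and password logins are disabled"
    return "$status"
}

# Constructed sample (not a real host): root login left on by a hosted image,
# with a "fix" appended lower down that sshd will never use.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
Port 22
permitrootlogin yes
PermitRootLogin no
EOF
audit_sshd "$sample" || true
rm -f "$sample"
```

On a live host, point `audit_sshd` at `/etc/ssh/sshd_config`; `sudo sshd -T` prints the effective configuration, including Include files, for comparison.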

...

According to the developers, Fail2ban version 0.9 will include an unban command through its own client program.