OpenSSH hardening - brute-force protection, block bots via cipher settings

ushellnotpass# tail -n 7 /etc/ssh/sshd_config
KexAlgorithms           curve25519-sha256@libssh.org
HostKeyAlgorithms       ssh-ed25519
Ciphers                 chacha20-poly1305@openssh.com
MACs                    hmac-sha2-512-etm@openssh.com 

If you do that, you will find some of your usual botnet friends failing during preauth.

May 3 14:33:40 ushellnotpass sshd[123]: Unable to negotiate with 58.242.83.XX port 51697: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]

Well then... 白白
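An allow-list this strict also rejects legitimate clients that are merely old, so it helps to review who is failing negotiation and what they offered. The following is an added example, not part of the original page: it parses sshd "Unable to negotiate" lines like the one above and groups them by source and mismatch type. The sample log lines, the documentation-range addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the sshd format shown above (RFC 5737 addresses).
SAMPLE_LOG = """\
May  3 14:33:40 host sshd[123]: Unable to negotiate with 192.0.2.10 port 51697: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
May  3 14:35:02 host sshd[130]: Unable to negotiate with 192.0.2.10 port 51822: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
May  3 14:40:11 host sshd[141]: Unable to negotiate with 198.51.100.7 port 40022: no matching cipher found. Their offer: aes128-ctr,aes256-ctr [preauth]
May  3 14:41:00 host sshd[150]: Accepted publickey for admin from 203.0.113.5 port 50000 ssh2: ED25519 SHA256:constructed
"""

NEGOTIATE_RE = re.compile(
    r"sshd\[\d+\]: Unable to negotiate with (?P<ip>\S+) port \d+: "
    r"no matching (?P<kind>.+?) found\. Their offer: (?P<offer>\S+)"
)

def summarize(log_text):
    """Group preauth negotiation failures by (source IP, mismatch kind)."""
    summary = defaultdict(lambda: {"count": 0, "offers": set()})
    for line in log_text.splitlines():
        m = NEGOTIATE_RE.search(line)
        if not m:
            continue  # not a negotiation failure (e.g. a successful login)
        entry = summary[(m["ip"], m["kind"])]
        entry["count"] += 1
        entry["offers"].update(m["offer"].split(","))
    return dict(summary)

def sha1_only_kex(summary):
    """Sources whose every offered key exchange method ends in -sha1."""
    return sorted(
        ip for (ip, kind), e in summary.items()
        if kind == "key exchange method"
        and all(o.endswith("-sha1") for o in e["offers"])
    )

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for (ip, kind), e in sorted(result.items()):
        print(f"{ip:15} {kind:20} x{e['count']}  {','.join(sorted(e['offers']))}")
    print("SHA-1-only KEX sources:", sha1_only_kex(result))
```

A source that fails on cipher or MAC rather than key exchange, or that offers modern key exchange methods, is more likely a real client that needs updating than a bot.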
