SSH Last failed login: How to Improve security ??

[Peter_R]

Hello i have a fresh Host Edition Installation and it was runing for about a week.
This is my second time i logged in to my server using SSH this week, and i noticed alarming message.

"Last failed login: Sun Jan 31 22:32:35 EST 2016 from xxx.xxx.142.71 on ssh:notty
There were 42278 failed login attempts since the last successful login."

Looks like there are a lot of hits on my server SSH port.

How can i increase the security to prevent hacking or someone trying to abuse my ssh connection?
Any advise?

I am newbie.
Thanks

 

[IgorG]

Use Plesk fail2ban feature with sshd jail, for example - http://download1.parallels.com/Ples...inistrator-guide/index.htm?fileName=73381.htm

 

[Peter_R]

Thank you for your reply
very helpful

also would be ok to change SSH port under Centos7 ? or not recommende?
i wonder if port change might affect any Plesk Functionality ?

Thanks

 

[Holger]

Hi,

would be ok to change SSH port under Centos7

I've changed the ssh-Port to an unusual port (in /etc/ssh/sshd_config). I closed port 22 in the firewall an opened the "unusual" port.
Additional I add a "special" user with a normal shell (/bin/bash) who is allowed to login. "root" is disabled to login via ssh on default.

fail2ban is a good choice too. ;-)

best regards
Holger

 

[Peter_R]

Thank you i used fail2ban and seems to be under control , ips get banned and if someone is persistent i am adding their ip to block list on my Zywall