DreamCompute Security : SSH Hack Magnets

dreamcompute

#1

I now have three active DreamCompute instances, probably more to come. Logs show that inbound SSH connections are attempting to login to root every few seconds. I’m sure they’re just randomly polling IP addresses in the DH blocks. I’d like to lock it down so that the bad guys don’t even get that far in. I accidentally locked myself out of an instance once already, so I want to be careful when messing around with more rules or ufw.

I have a security group that includes all instances in my project, and now all instances include that group - so all instances are allowed to communicate with one another. (That’s kinda cool and I wonder if many other people know how that works.) Then I need to be able to get in from the DH DC panel, and my “mostly static” cable modem IP address.

So the scope of client IPs authorized to get into this little network is very limited.

Can anyone provide a good and current reference for hardening Ubuntu 16, maybe specifically within OpenStack or DreamCompute?

Thanks!


#2

To slow down those SSH brute force attempts, you can use fail2ban. A couple of other suggestions on:


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.