{"id":97,"date":"2009-05-30T09:58:53","date_gmt":"2009-05-30T07:58:53","guid":{"rendered":"http:\/\/sbskl.free.fr\/?p=97"},"modified":"2009-06-08T22:05:44","modified_gmt":"2009-06-08T20:05:44","slug":"augmenter-la-securite-dun-acces-ssh-et-autres","status":"publish","type":"post","link":"https:\/\/www.sbskl.com\/?p=97","title":{"rendered":"Augmenter la s\u00e9curit\u00e9 d’un acc\u00e8s SSH (et autres…)"},"content":{"rendered":"

L’acc\u00e8s SSH permet de se connecter sur une machine en toute s\u00e9curit\u00e9. Cependant des personnes malveillantes pourraient tenter de se connecter de fa\u00e7on brutale… En essayant par tentatives r\u00e9p\u00e9t\u00e9es jusqu’\u00e0 trouver le bon mot de passe !<\/p>\n

Pour calmer un peu leurs ardeurs, nous allons blacklister les adresses IP des machines qui tentent une telle attaque grace \u00e0 fail2ban<\/strong> !<\/p>\n

On commence par l’installation par synaptic ou en ligne de commande\u00a0:<\/p>\n

sudo apt-get install fail2ban<\/pre>\n
La configuration par d\u00e9faut bannie l’adresse apr\u00e8s trois tentatives pour une dur\u00e9e de dix minutes (600 secondes). Vous pouvez changer ces valeurs dans le fichier \/etc\/fail2ban\/jail.conf<\/strong> dans la section [ssh<\/strong>]\u00a0:<\/p>\n
bantime = 600\r\nmaxretry = 3<\/pre>\n
Notez qu’avec ce programme vous pouvez bannir les acc\u00e8s infructueux de nombreux services et pas seulement SSH (voir les autres sections du fichier).<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
L’acc\u00e8s SSH permet de se connecter sur une machine en toute s\u00e9curit\u00e9. Cependant des personnes malveillantes pourraient tenter de se connecter de fa\u00e7on brutale… En essayant par tentatives r\u00e9p\u00e9t\u00e9es jusqu’\u00e0 trouver le bon mot de passe !<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[6,15,16],"class_list":["post-97","post","type-post","status-publish","format-standard","hentry","category-linux","tag-administration","tag-reseau","tag-ubuntu"],"_links":{"self":[{"href":"https:\/\/www.sbskl.com\/index.php?rest_route=\/wp\/v2\/posts\/97","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sbskl.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sbskl.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sbskl.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sbskl.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=97"}],"version-history":[{"count":2,"href":"https:\/\/www.sbskl.com\/index.php?rest_route=\/wp\/v2\/posts\/97\/revisions"}],"predecessor-version":[{"id":215,"href":"https:\/\/www.sbskl.com\/index.php?rest_route=\/wp\/v2\/posts\/97\/revisions\/215"}],"wp:attachment":[{"href":"https:\/\/www.sbskl.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=97"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sbskl.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=97"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sbskl.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=97"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}