felixo Tux's lil' helper
Joined: 31 Mar 2004 Posts: 88
Posted: Tue Feb 08, 2005 8:03 pm Post subject: SSHD and security
Hello, I am getting many brute force attempts on my machine. This makes me semi nervous. I have followed most security measures mentioned here and on howtos.
I have but two questions:
1. How do I disable sshd login attempts as root? That is, how can I not allow root to log in to the machine through sshd? Also, is this really something that can prevent a break-in? If so, why?
2. How can I change which port sshd listens on, and what port should that be?

j-m Retired Dev
Joined: 31 Oct 2004 Posts: 975
Posted: Tue Feb 08, 2005 8:08 pm Post subject: Re: SSHD and security
See /etc/ssh/sshd_config. Pretty self-explanatory.
P.S. I moved SSH to port 222 and have not seen a single break-in attempt since then, so yes - it reduces the noise quite drastically.

justanothergentoofanatic Guru
Joined: 29 Feb 2004 Posts: 337
Posted: Tue Feb 08, 2005 9:11 pm
Why worry about it? It's the equivalent of a port scan. You'll be fine as long as you avoid silly username/password combinations.
-Mike

j-m Retired Dev
Joined: 31 Oct 2004 Posts: 975
Posted: Tue Feb 08, 2005 9:40 pm
justanothergentoofanatic wrote:
> Why worry about it? It's the equivalent of a port scan. You'll be fine as long as you avoid silly username/password combinations.
> -Mike
First, you probably cannot be sure about the passwords.
Second, it's extremely annoying. I have my logs parsed every few hours on my servers and alerts sent by email.
YMMV.

nightblade Guru
Joined: 20 Jul 2004 Posts: 368 Location: back from SE Asia
Posted: Tue Feb 08, 2005 11:18 pm
j-m wrote:
> First, you probably cannot be sure about the passwords.
True. Even if passwords can be very secure, there is always room for improvement: certificates
_________________
In God we trust. All the others must provide a valid X.509 certificate

felixo Tux's lil' helper
Joined: 31 Mar 2004 Posts: 88
Posted: Wed Feb 09, 2005 12:51 am Post subject: hmm
Certificates seem like overkill, and I am in charge of all the users on the machine, so passwords won't be a problem.
But I just hate the spam it generates in my logs :D
Thanks for your help guys.

nightblade Guru
Joined: 20 Jul 2004 Posts: 368 Location: back from SE Asia
Posted: Wed Feb 09, 2005 7:37 am Post subject: Re: hmm
felixo wrote:
> But I just hate the spam it generates in my logs
Then, as mentioned already, just change the port that ssh listens on. It will fool all the automated scripts, since they scan port 22 only.

CriminalMastermind Tux's lil' helper
Joined: 19 Nov 2003 Posts: 132 Location: toronto
Posted: Wed Feb 09, 2005 9:29 am
If the attempts are from the same IPs, and you know none of your users are ever going to log in from those IPs, then you could just block all traffic coming from those hosts using iptables.
Just another option.
_________________
"I can picture a perfect world that knows of no war... and I can picture me attacking that world, because they'd never expect it."

nightblade Guru
Joined: 20 Jul 2004 Posts: 368 Location: back from SE Asia
Posted: Wed Feb 09, 2005 10:54 am
...or use portknocking...
yet another option...

VoVaN l33t
Joined: 02 Jul 2003 Posts: 701 Location: The Netherlands
Posted: Wed Feb 09, 2005 12:12 pm
nightblade wrote:
> ...or use portknocking...
> yet another option...
I think that's a *very* secure option. That's cool. Thank you for the advice.

nightblade Guru
Joined: 20 Jul 2004 Posts: 368 Location: back from SE Asia
Posted: Wed Feb 09, 2005 1:24 pm
VoVaN wrote:
> I think that's a *very* secure option. That's cool. Thank you for the advice.
Actually, for a *very* secure setup, you should also force sshd to work with SSHv2 only, because v1 is vulnerable to MITM attacks.

felixo Tux's lil' helper
Joined: 31 Mar 2004 Posts: 88
Posted: Wed Feb 09, 2005 5:26 pm
If I change the Protocol 2,1 to just Protocol 2, I assume it will disable login attempts with sshv1, but what applications will not work with it anymore?
I need rsync over ssh to work, and putty too.

j-m Retired Dev
Joined: 31 Oct 2004 Posts: 975
Posted: Wed Feb 09, 2005 5:33 pm
felixo wrote:
> If I change the Protocol 2,1 to just Protocol 2, I assume it will disable login attempts with sshv1, but what applications will not work with it anymore?
> I need rsync over ssh to work, and putty too.
I have no problems with SSHv2 - rsync and putty definitely work...

felixo Tux's lil' helper
Joined: 31 Mar 2004 Posts: 88
Posted: Sun Feb 13, 2005 3:17 pm
Thanks guys, made the changes you guys said and the brute force attacks have gone down! :D
Also using protocol 2 only seems very ideal.
I still cannot find where to disable root logins over ssh, it's not in the ssh_config or man ssh_config file (I should say, I can't find it :( )

j-m Retired Dev
Joined: 31 Oct 2004 Posts: 975
Posted: Sun Feb 13, 2005 3:19 pm
felixo wrote:
> I still cannot find where to disable root logins over ssh, it's not in the ssh_config or man ssh_config file (I should say, I can't find it
You need sshd_config
Have a look at this post.
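
Added example, not part of any post in this thread: a small audit of an sshd_config for the three settings discussed above (root login, listening port, protocol version). It follows sshd_config's rules that the first value read for a keyword wins and that every `Port` line adds a listening port; the function names, the sample config and the assumed defaults are constructed for illustration.

```python
# Added example. Defaults are assumptions for a 2005-era OpenSSH (the thread
# shows "Protocol 2,1"); confirm them in sshd_config(5) for your version.
ASSUMED_DEFAULTS = {"port": "22", "permitrootlogin": "yes", "protocol": "2,1"}

# Constructed sample: the port was moved, but Protocol still allows v1 and an
# earlier "PermitRootLogin yes" shadows the "no" added further down.
SAMPLE = """\
Port 222
Protocol 2,1
#PermitRootLogin no
PermitRootLogin yes
permitrootlogin no
"""
HARDENED = "Port 222\nProtocol 2\nPermitRootLogin no\n"

def effective_settings(text):
    """Global settings as sshd resolves them: first value wins, Port repeats."""
    ports, first = [], {}
    for raw in text.splitlines():
        fields = raw.strip().split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        key, value = fields[0].lower(), fields[1].strip()
        if key == "match":
            break  # what follows is a conditional block, not global config
        if key == "port":
            ports.append(value)  # every Port line adds a listening port
        else:
            first.setdefault(key, value)  # later duplicates are ignored
    settings = {**ASSUMED_DEFAULTS, **first}
    settings["port"] = ports or [ASSUMED_DEFAULTS["port"]]
    return settings

def audit(text):
    """Return findings for the three settings discussed in the thread."""
    s = effective_settings(text)
    findings = []
    if s["permitrootlogin"].lower() != "no":
        findings.append("root login allowed: PermitRootLogin " + s["permitrootlogin"])
    if "1" in [v.strip() for v in s["protocol"].split(",")]:
        findings.append("SSHv1 accepted: Protocol " + s["protocol"])
    if "22" in s["port"]:
        findings.append("still listening on port 22")
    return findings

if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```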