Gentoo Forums
dropbear as safety-net ssh on different port, what USE vars?
Gentoo Forums Forum Index :: Networking & Security
jeffk (l33t)
Joined: 13 Sep 2003
Posts: 671

PostPosted: Sat Dec 18, 2010 5:22 pm    Post subject: dropbear as safety-net ssh on different port, what USE vars?

I am seeing some indications of ssh brute-force attacks on my remote servers:
Code:
ssh_exchange_identification: Connection closed by remote host

I haven't enabled fail2ban yet for concern of being locked out if something doesn't work right.

I am passingly familiar with dropbear from using OpenWRT, and that seems like a good option to run as a secondary ssh on a different port, in case anything ever happens to openssh sshd.

Availability and security are prime concerns. I was considering USE=static, so that broken dependencies would not.

The following are the default USE vars for dropbear on my ~amd64; can any dropbear aficionados comment on what options work best for this use case?
Code:
# emerge dropbear -pv
[ebuild  N    ] net-misc/dropbear-0.52-r1  USE="pam syslog zlib -bsdpty -minimal -multicall -savedconfig -static"

Thanks.
gerdesj (l33t)
Joined: 29 Sep 2005
Posts: 622
Location: Yeovil, Somerset, UK

PostPosted: Sun Dec 19, 2010 10:46 pm    Post subject: Re: dropbear as safety-net ssh on different port, what USE v

I take it that you want a practically guaranteed way to get back in despite an update that takes out ssh. Also you want it to be a bit secure.

Some ideas:

Move your SSH to another port. That will drop most of the rubbish - it takes time to scan a system completely and these buggers don't have time.

Use Fail2Ban - it's pretty good but also pretty useless against the distributed scanners - i.e. pretty much all of the ones in the wild. I've seen over 10 million machines used to do the scanning. Also smtp ...

Listen on two ports - 22 is a dummy and always fails, perhaps with a huge delay. The other one is the real one.

Use keys or kerberos and not just passwords.

Use dropbear and ssh on a different port with some of the above options.

Use OpenVPN and don't let ssh listen on the outside at all.

Use OVPN + SSH on an outside port as well but not 22.

Etc etc etc

Cheers
Jon

PS - the last one is my choice. However I also have Puppet running on all my Gentoo boxes (30+) and once I did have a bit of a snag with ssh getting broken. I had to deploy xinetd.telnet to get back in! It has only happened the once in 7 years though (so far)
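As an added illustration of the fail2ban point above (this is example code written for this page, not anything from the thread, fail2ban or dropbear), the block below runs two detectors over constructed sshd log lines: a per-source threshold of the kind fail2ban applies, which catches one host hammering the server, and a distinct-source count over the same window, which is what is needed to notice a distributed scan where each host makes only one attempt. The log lines and the year 2010 are assumptions for the sample.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (syslog format, which carries no year).
SAMPLE_LOG = """\
Dec 18 17:01:01 host sshd[101]: Failed password for root from 198.51.100.7 port 4001 ssh2
Dec 18 17:01:03 host sshd[102]: Failed password for root from 198.51.100.7 port 4002 ssh2
Dec 18 17:01:05 host sshd[103]: Failed password for admin from 198.51.100.7 port 4003 ssh2
Dec 18 17:01:06 host sshd[104]: Did not receive identification string from 198.51.100.7
Dec 18 17:02:10 host sshd[110]: Failed password for root from 203.0.113.11 port 5001 ssh2
Dec 18 17:02:11 host sshd[111]: Failed password for root from 203.0.113.12 port 5002 ssh2
Dec 18 17:02:12 host sshd[112]: Failed password for root from 203.0.113.13 port 5003 ssh2
Dec 18 17:02:14 host sshd[114]: Accepted publickey for jeff from 192.0.2.9 port 6000 ssh2
"""
YEAR = 2010  # assumed: syslog timestamps omit the year
FAIL_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for .* from|Did not receive identification string from) "
    r"(\d+\.\d+\.\d+\.\d+)")

def parse_failures(text):
    """Return (timestamp, source_ip) for each failed attempt, in log order."""
    events = []
    for m in filter(None, map(FAIL_RE.match, text.splitlines())):
        ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group(2)))
    return events

def per_source_offenders(events, maxretry=3, window=timedelta(minutes=10)):
    """fail2ban-style: a source with maxretry failures inside the window is flagged."""
    hits = defaultdict(list)
    flagged = set()
    for ts, ip in events:
        hits[ip] = [t for t in hits[ip] if ts - t <= window] + [ts]
        if len(hits[ip]) >= maxretry:
            flagged.add(ip)
    return flagged

def distributed_scan(events, min_sources=4, window=timedelta(minutes=10)):
    """Flag a window in which many distinct sources fail; per-IP thresholds miss this."""
    recent = []
    for ts, ip in events:
        recent = [(t, i) for t, i in recent if ts - t <= window] + [(ts, ip)]
        if len({i for _, i in recent}) >= min_sources:
            return True
    return False
```

On the sample, the per-source detector flags only 198.51.100.7, while the three 203.0.113.x hosts with one failure each are invisible to it and only show up through the distinct-source count.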