Mailing List Archive
Re: [tlug] remote access to server
- Date: Sat, 3 Jun 2017 11:46:47 +0200
- From: Attila Kinali <attila@example.com>
- Subject: Re: [tlug] remote access to server
- References: <1a3aa51d-c95d-a22e-3d3d-4e931f4bfd38@me.scn-net.ne.jp> <44b3dcf48ba9ae82094aebbdf1cd2229@jp.sometwo.net>
- Organization: NERV
Moin/今日は/Merhaba,

On Sat, 03 Jun 2017 14:59:49 +0900
Furkan Mustafa <furkan@example.com> wrote:

> * Disable password login from /etc/ssh/sshd_config and use only public
> key authentication.

/etc/ssh/sshd_config:
PasswordAuthentication no
UsePAM no

PAM needs to be disabled as well, because in most configurations
it allows password authentication.

> * Install fail2ban

Does not help as much as I hoped it would. A lot of the password
scans today are distributed from whole subnets, which fail2ban doesn't
really capture (even though it has an option for this).

I usually periodically grep through my /var/log/auth.log and see which
of the subnets pop up often:

    grep AllowUsers /var/log/auth.log.1|awk '{print $9}'|awk -F\. '{print $1"."$2"."$3}' | sort |uniq -c|sort -g
    grep "Received disconnect" /var/log/auth.log.1|awk '{print $9}'|awk -F\. '{print $1"."$2"."$3}' | sort |uniq -c|sort -g

Yes, this is not optimal, and it could be automated a bit by matching
IP addresses to assigned ranges using whois or even to AS. But it works
well enough for me :-)

> * They won't be guessing your username/password. These kids try this
> forever. No need to worry IMHO.

They are also trying to exploit known bugs in ssh. There are still
many systems out there that have not seen an update in years and
are vulnerable. Keep your system up to date!

> * Also, changing your ssh port from 22 to something else reduces this
> almost down to zero.

Not anymore. Script kiddies started to run nmap and port authentification
a couple of years ago.

> * Also, some people install tor to their servers, and publish their ssh
> access as a tor hidden service, and connect to their servers over tor.
> Only if you need to go extreme I guess.

Now that's an interesting approach. I have to look into that :-)

			Attila Kinali

-- 
You know, the very powerful and the very stupid have one thing in common.
They don't alter their views to fit the facts, they alter the facts to
fit the views, which can be uncomfortable if you happen to be one of the
facts that needs altering. -- The Doctor
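
The per-subnet tally described in the message above, as an added example that is not part of the original post: it also counts distinct hosts per /24, so a scan spread across a subnet stands out from one noisy address. The function names and the sample log lines are constructed for illustration, and the message patterns assume OpenSSH-style auth.log entries.

```shell
#!/bin/sh
# Added example: tally sshd auth.log noise per /24, counting distinct hosts.

# Constructed sample lines (documentation address ranges), not real log data.
sample_log() {
    cat <<'EOF'
Jun  3 02:11:07 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Jun  3 02:11:08 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Jun  3 02:11:09 host sshd[1235]: Received disconnect from 203.0.113.9: 11: Bye Bye [preauth]
Jun  3 02:12:01 host sshd[1240]: User root from 203.0.113.77 not allowed because not listed in AllowUsers
Jun  3 02:12:30 host sshd[1241]: Failed password for root from 203.0.113.140 port 5151 ssh2
Jun  3 02:13:00 host sshd[1250]: Failed password for root from 198.51.100.23 port 6001 ssh2
Jun  3 02:13:01 host sshd[1250]: Failed password for root from 198.51.100.23 port 6001 ssh2
Jun  3 02:13:02 host sshd[1250]: Failed password for root from 198.51.100.23 port 6001 ssh2
Jun  3 02:13:03 host sshd[1250]: Failed password for root from 198.51.100.23 port 6001 ssh2
Jun  3 02:14:00 host sshd[1260]: Accepted publickey for alice from 192.0.2.10 port 7007 ssh2
EOF
}

# Reads auth.log lines on stdin; prints "<attempts> <distinct_hosts> <net>/24"
# for every /24 with at least $1 distinct source hosts (default 3), busiest first.
subnet_scan_report() {
    awk -v min="${1:-3}" '
        /sshd/ && (/Failed password/ || /Received disconnect/ || /AllowUsers/) {
            for (i = 1; i < NF; i++) {
                ip = $(i + 1)
                sub(/:$/, "", ip)   # older sshd prints "from 1.2.3.4: 11: ..."
                if ($i != "from" || ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
                split(ip, o, ".")
                net = o[1] "." o[2] "." o[3]
                attempts[net]++
                if (!((net, ip) in seen)) { seen[net, ip] = 1; hosts[net]++ }
                break
            }
        }
        END {
            for (net in attempts)
                if (hosts[net] >= min)
                    printf "%d %d %s.0/24\n", attempts[net], hosts[net], net
        }
    ' | sort -k1,1nr -k3,3
}

sample_log | subnet_scan_report 3
```

Against a real log, feed the file on stdin, for example `subnet_scan_report 3 < /var/log/auth.log.1`.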
- References:
- [tlug] remote access to server
- From: Kevin Sullivan
- Re: [tlug] remote access to server
- From: Furkan Mustafa