USA Linux Users Group Forum Index
Log in Register FAQ Memberlist Search USA Linux Users Group Forum Index Album

SSH / Port 22 scans on the rise.....

 
Post new topic   Reply to topic   printer-friendly view    USA Linux Users Group Forum Index » System Administration and Security
View previous topic :: View next topic  
Author Message
crouse
Site Admin


Joined: 17 Apr 2024
Posts: 11833
Location: Iowa
PostPosted: Tue May 13, 2024 5:57 pm    Post subject: SSH / Port 22 scans on the rise..... Reply with quote
According to some articles
Brute-force SSH Attacks on the Rise
http://isc.sans.org/diary.html?storyid=4408
http://www.dshield.org/port.html?port=22

So, make SURE you have hardened your ssh/port 22 Wink

FWIW, you can edit your ssh config file and make your ssh sessions much more secure.

On my Arch system the file is located : /etc/ssh/sshd_config

1. Disable ROOT logins
2. Change ssh to something OTHER than port 22
3. Set maximum login attempts
4. Set allowed users
5. If you have only a few IP's that log INTO your machine, only allow those IP's
6. Disable password logins and only allow private key logins

There are even more options to explore in your ssh config file, I suggest you do Wink The items in bold I view as VERY important to do.



_________________
Veronica - Arch Linux 64-bit -- Kernel 2.6.33.4-1
Archie/Jughead - Arch Linux 32-bit -- Kernel 2.6.33.4-1
Betty/Reggie - Arch Linux (VBox) 32-bit -- Kernel 2.6.33.4-1
BumbleBee - OpenSolaris-SunOS 5.11
Back to top
View user's profile Send private message Visit poster's website AIM Address
JP
Linux Guru


Joined: 07 Jul 2024
Posts: 6670
Location: Central Montana
PostPosted: Wed May 14, 2024 12:51 am    Post subject: Reply with quote
Thanks crouse. I've only got a couple of questions ..... most of my /etc/ssh/sshd_config file is commented, because during setup I chose "no" to ssh.

Uncommented lines:
1). ListenAddress 0.0.0.0
2). Protocol 2
3). ChallengeResponseAuthentication no
4). UsePAM yes
5). Subsystem sftp /usr/lib/ssh/sftp-server

Should these be uncommented (as far as ssh is concerned?) Should I comment these out also?
THX, JP

Now I've got to find out where ssh is in my sidux install ......

tried /etc/ssh and /etc/default/ssh, neither had any text in them ...... any ideas? I tried searching for */ssh/config* but no joy there Sad Sad



_________________
Dell Box - Arch Linux
Dell Lappy - DreamLinux 3.5 - Default OS
Mepis 8.0 - Backup


Last edited by JP on Wed May 14, 2024 7:35 am; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
crouse
Site Admin


Joined: 17 Apr 2024
Posts: 11833
Location: Iowa
PostPosted: Wed May 14, 2024 5:36 am    Post subject: Reply with quote
Code:

less /etc/ssh/sshd_config | grep -v "#" | sed "/^$/d"



This will show WHAT lines are used in the config file......
Here is mine, minus some of the info in it Wink I specify a port number AND what users can actually log in.......

Code:

Port XXXXXXXXX
ListenAddress 0.0.0.0
Protocol 2
ChallengeResponseAuthentication no
UsePAM yes
Subsystem       sftp    /usr/lib/ssh/sftp-server
AllowUsers XXXXXXXXX




_________________
Veronica - Arch Linux 64-bit -- Kernel 2.6.33.4-1
Archie/Jughead - Arch Linux 32-bit -- Kernel 2.6.33.4-1
Betty/Reggie - Arch Linux (VBox) 32-bit -- Kernel 2.6.33.4-1
BumbleBee - OpenSolaris-SunOS 5.11
Back to top
View user's profile Send private message Visit poster's website AIM Address
Display posts from previous:   
Post new topic   Reply to topic   printer-friendly view    USA Linux Users Group Forum Index » System Administration and Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All content © 2024-2009 - Usa Linux Users Group
This forum is powered by phpBB. © 2024-2009 phpBB Group
Theme created by phpBBStyles.com and modified by Crouse