
Why you should change your ssh default port.
crouse
Site Admin


Joined: 17 Apr 2024
Posts: 11833
Location: Iowa

PostPosted: Thu Jul 24, 2024 1:10 am    Post subject: Why you should change your ssh default port. Reply with quote

Why you should change your ssh default port.
http://davecrouse.blogspot.com/2008/07/why-you-should-change-your-ssh-default.html
Quote:

Thought some of you might find this interesting. No one gets in, but it's funny how just changing the port number on ssh will stop 99.99% of the stupid attacks (some random bot repeatedly attempting to gain access). Several other things SHOULD be changed in the ssh config file also, not just the port number, but this one provides the most eye-opening reasons to be secure.

Installed server on Jul 17th ..... less than 5 days later, well, you get the idea.
wtmp begins Thu Jul 17 21:57:08 2024

[root@VistaCrusher1 ~]# lastb | wc -l
25349



_________________
Veronica - Arch Linux 64-bit -- Kernel 2.6.33.4-1
Archie/Jughead - Arch Linux 32-bit -- Kernel 2.6.33.4-1
Betty/Reggie - Arch Linux (VBox) 32-bit -- Kernel 2.6.33.4-1
BumbleBee - OpenSolaris-SunOS 5.11
platinummonkey
Advanced Member


Joined: 01 Mar 2024
Posts: 732
Location: Texas

PostPosted: Thu Jul 24, 2024 1:52 am    Post subject: Reply with quote

might i suggest some port knocking too Wink or other more secure methods



_________________
desktop - FreeBSD 7.2
laptop & server - Archlinux i686 kernel26 2.6.32.10-1
- TAMULinux-2.0.2-ALPHA
USB Boot - Archlinux i686 kernel26 2.6.32.10-1 USB boot
jada
Linux Guru


Joined: 13 May 2024
Posts: 3064
Location: Sun City, CA 92585

PostPosted: Thu Jul 24, 2024 6:12 am    Post subject: Reply with quote

Iptables what I am using on my laptops.
http://usalug.org/phpBB2/viewtopic.html?t=13265

it's also for desktops and servers and can prevent a lot Wink



_________________
openSUSE 11.1 Desktop KDE 4.3.1 buildservice Factory
Linux Mint 7 Desktop Gnome
platinummonkey
Advanced Member


Joined: 01 Mar 2024
Posts: 732
Location: Texas

PostPosted: Thu Jul 24, 2024 1:00 pm    Post subject: Reply with quote

thought i'd share my lastb on my game/file server:
Code:
[root@pltmnky-serv ~]# lastb | grep -v 192.168.0.101 | wc -l
0


how? changing default ssh port + port knocking, you could go hog wild with security, but simple is fine for this. when i find the excellent link i had detailing different methods, I'll be sure to post.

@jada - nice script Smile



_________________
desktop - FreeBSD 7.2
laptop & server - Archlinux i686 kernel26 2.6.32.10-1
- TAMULinux-2.0.2-ALPHA
USB Boot - Archlinux i686 kernel26 2.6.32.10-1 USB boot
Back to top
View user's profile Send private message Visit poster's website AIM Address
VHockey86
Advanced Member


Joined: 12 Dec 2024
Posts: 988
Location: Rochester

PostPosted: Thu Jul 24, 2024 2:41 pm    Post subject: Reply with quote

I'd argue that security through obscurity isn't any kind of real security, but it definitely helps with this automated stuff. (a simple nmap will find SSH on another port)

When I lived on-campus in the dorms my linux box was constantly being hammered by dozens of SSH bots. They never even guessed the username correctly, let alone the password, but it was still annoying to see in the logs. I ended up changing the default port and adding "fail2ban", which would add an iptables entry to block the IP after 5 failed login attempts.


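An added example, not part of any post in this thread: the `lastb | wc -l` totals posted above say how many failed logins there were, but not who made them. This sketch groups lastb-style lines by source address, counts the distinct usernames each source tried, and lists the sources at or over a threshold such as the 5 failures mentioned for fail2ban. The sample lines are constructed, the function name is hypothetical, and 192.168.0.101 is reused from the `grep -v` above as the LAN host to skip.

```shell
#!/bin/sh
# Constructed sample in the column layout lastb prints:
#   user  tty  source-host  timestamp ...
# Public addresses are from the RFC 5737 documentation ranges.
sample_lastb() {
cat <<'EOF'
root     ssh:notty    203.0.113.7      Thu Jul 17 22:01 - 22:01  (00:00)
admin    ssh:notty    203.0.113.7      Thu Jul 17 22:01 - 22:01  (00:00)
root     ssh:notty    203.0.113.7      Thu Jul 17 22:02 - 22:02  (00:00)
test     ssh:notty    203.0.113.7      Thu Jul 17 22:02 - 22:02  (00:00)
oracle   ssh:notty    203.0.113.7      Thu Jul 17 22:03 - 22:03  (00:00)
root     ssh:notty    203.0.113.7      Thu Jul 17 22:03 - 22:03  (00:00)
root     ssh:notty    198.51.100.23    Fri Jul 18 03:10 - 03:10  (00:00)
root     ssh:notty    198.51.100.23    Fri Jul 18 03:11 - 03:11  (00:00)
dave     ssh:notty    192.168.0.101    Fri Jul 18 09:30 - 09:30  (00:00)

btmp begins Thu Jul 17 22:01:00 2024
EOF
}

# failed_by_source THRESHOLD [SKIP_ADDR]   (hypothetical helper name)
# Reads lastb-style lines on stdin and prints
#   "<failures> <distinct usernames tried> <source>"
# for every source with at least THRESHOLD failures, busiest first.
failed_by_source() {
    awk -v min="$1" -v skip="${2:-}" '
        NF < 4 || $2 == "begins" { next }   # blank lines and the "begins" trailer
        $3 == skip { next }                 # known-good LAN host
        { fails[$3]++; if (!seen[$3, $1]++) users[$3]++ }
        END {
            for (ip in fails)
                if (fails[ip] >= min) print fails[ip], users[ip], ip
        }
    ' | sort -k1,1nr
}

# Sources that reached 5 failures, ignoring the LAN host.
sample_lastb | failed_by_source 5 192.168.0.101
```

On a real host, run it as root with `lastb | failed_by_source 5`; a source that tries many different usernames is a dictionary bot, not a user mistyping a password.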
geeshock
Moderator


Joined: 02 Nov 2024
Posts: 1017
Location: Hertford, NC

PostPosted: Thu Jul 24, 2024 4:51 pm    Post subject: Reply with quote

platinummonkey wrote:
thought i'd share my lastb on my game/file server:
Code:
[root@pltmnky-serv ~]# lastb | grep -v 192.168.0.101 | wc -l
0


how? changing default ssh port + port knocking, you could go hog wild with security, but simple is fine for this. when i find the excellent link i had detailing different methods, I'll be sure to post.

@jada - nice script Smile

I tried going hog wild on security, the only problem I ran into is some ppl on rr or dsl were locked out of our server. think it had to do with the mtu settings that they used but not for sure. Anyways, I had a script that started off closing all the ports then opened up the ones I used like port 80 and 8080 for http, think it was 20 and 21 for ftp, and so on. Was an excellent script but it locked a portion of the ppl we wanted to be able to access the server as well. simple is best.


crouse
Site Admin


Joined: 17 Apr 2024
Posts: 11833
Location: Iowa

PostPosted: Fri Jul 25, 2024 1:40 am    Post subject: Reply with quote

Wink I have a script that starts up postfix on remote computers at a certain time, emails me the reports, and shuts off again Smile Works like a dream. Simple is usually the most effective. At least for me. There are multiple settings in the ssh file that would eliminate the need for iptables altogether Wink If you don't believe me, try to get into my home computer Very Happy Very Happy Very Happy



_________________
Veronica - Arch Linux 64-bit -- Kernel 2.6.33.4-1
Archie/Jughead - Arch Linux 32-bit -- Kernel 2.6.33.4-1
Betty/Reggie - Arch Linux (VBox) 32-bit -- Kernel 2.6.33.4-1
BumbleBee - OpenSolaris-SunOS 5.11
Back to top
View user's profile Send private message Visit poster's website AIM Address
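An added example, not from any poster in this thread: the posts say the ssh config file has settings worth changing beyond the port, without naming them. This sketch audits sshd_config text for the default port plus two settings chosen here as an assumption (`PasswordAuthentication` and `PermitRootLogin`); both sample files are constructed, and the function name, port 2222 and user "dave" are made up for illustration.

```shell
#!/bin/sh
sample_weak() {       # constructed: stock-style file, port line still commented out
cat <<'EOF'
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
}
sample_hardened() {   # constructed: port 2222 and user "dave" are made-up values
cat <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
AllowUsers dave
EOF
}

# audit_sshd (hypothetical helper): sshd_config text on stdin,
# one line per finding on stdout. Assumes the "Keyword value" form;
# Include files and Match blocks are not evaluated.
audit_sshd() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        { key = tolower($1); val = tolower($2) } # keywords are case-insensitive
        key == "match" { exit }                  # global section ends at first Match
        key == "port"  { ports++; if (val == "22") p22 = 1; next }  # Port may repeat
        !(key in seen) { seen[key] = val }       # first value given for a keyword wins
        END {
            # Fall back to the sshd_config(5) defaults when a keyword is absent.
            pw   = ("passwordauthentication" in seen) ? seen["passwordauthentication"] : "yes"
            root = ("permitrootlogin" in seen) ? seen["permitrootlogin"] : "prohibit-password"
            if (!ports || p22) print "port: sshd listens on the default port 22"
            if (pw == "yes")   print "passwordauthentication: password guessing is possible"
            if (root == "yes") print "permitrootlogin: root may log in with a password"
        }
    '
}

sample_weak | audit_sshd
```

On a live server, `sshd -T | audit_sshd` (as root) checks the effective configuration, which also covers included files and compiled-in defaults.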
platinummonkey
Advanced Member


Joined: 01 Mar 2024
Posts: 732
Location: Texas

PostPosted: Fri Jul 25, 2024 3:20 am    Post subject: Reply with quote

crouse wrote:
... If you don't believe me, try to get into my home computer Very Happy Very Happy Very Happy


i might take you up on that offer, though not through my computer but by just randomly showing up with a screwdriver and some cupcakes (to distract you from remembering why i came) Razz



_________________
desktop - FreeBSD 7.2
laptop & server - Archlinux i686 kernel26 2.6.32.10-1
- TAMULinux-2.0.2-ALPHA
USB Boot - Archlinux i686 kernel26 2.6.32.10-1 USB boot
Back to top
View user's profile Send private message Visit poster's website AIM Address
crouse
Site Admin


Joined: 17 Apr 2024
Posts: 11833
Location: Iowa

PostPosted: Fri Jul 25, 2024 4:42 am    Post subject: Reply with quote

ok..... the cupcakes is just using underhanded tactics.... Razz



_________________
platinummonkey
Advanced Member


Joined: 01 Mar 2024
Posts: 732
Location: Texas

PostPosted: Fri Jul 25, 2024 11:15 pm    Post subject: Reply with quote

crouse wrote:
ok..... the cupcakes is just using underhanded tactics.... Razz

hehe Razz



_________________
desktop - FreeBSD 7.2
laptop & server - Archlinux i686 kernel26 2.6.32.10-1
- TAMULinux-2.0.2-ALPHA
USB Boot - Archlinux i686 kernel26 2.6.32.10-1 USB boot
Back to top
View user's profile Send private message Visit poster's website AIM Address
bdquick
Advanced Member


Joined: 26 Jun 2024
Posts: 883
Location: Little north of DSM and south of Ames

PostPosted: Sat Jul 26, 2024 12:16 am    Post subject: Reply with quote

Hmm I'm actually close enough to try that tactic. I'll throw in some beer and a hammer too platinum, and there's no way we won't get into it.



_________________
OpenSuse 11.1 11, 10.2
Arch Linux
JP
Linux Guru


Joined: 07 Jul 2024
Posts: 6670
Location: Central Montana

PostPosted: Sat Jul 26, 2024 2:39 am    Post subject: Reply with quote

The June issue of Linux Pro Magazine had a lot of articles about "Expert Security" and there is an interesting article about "single-packet port knocking" (which I'm trying to understand), a lot too geeky for me, but I figure if I read it enuff, I might pick something up Wink. They say the best tool for SPA (Single-packet Authorization) is fwknop, they give instructions on how to install and configure it, etc.

Some websites they recommend are :

John the Ripper Clik Wink
John the Ripper @ Freshmeat Clik Wink
Quote:
John the Ripper is a part of Owl, Debian GNU/Linux, EnGarde Linux, Gentoo Linux, Mandrake Linux, and SUSE Linux. It is in the ports/packages collections of FreeBSD, NetBSD, and OpenBSD.

CypherDyne Clik Wink
Fwknop Download Clik Wink

Just in case anyone's interested Wink



_________________
Dell Box - Arch Linux
Dell Lappy - DreamLinux 3.5 - Default OS
Mepis 8.0 - Backup
platinummonkey
Advanced Member


Joined: 01 Mar 2024
Posts: 732
Location: Texas

PostPosted: Sat Jul 26, 2024 9:54 pm    Post subject: Reply with quote

bdquick wrote:
Hmm I'm actually close enough to try that tactic. I'll throw in some beer and a hammer too platinum, and there's no way we won't get into it.

Razz lolz, commence operation taking candy from crouse! Razz

@JP - thx for those great links!



_________________
desktop - FreeBSD 7.2
laptop & server - Archlinux i686 kernel26 2.6.32.10-1
- TAMULinux-2.0.2-ALPHA
USB Boot - Archlinux i686 kernel26 2.6.32.10-1 USB boot
Back to top
View user's profile Send private message Visit poster's website AIM Address
JP
Linux Guru


Joined: 07 Jul 2024
Posts: 6670
Location: Central Montana

PostPosted: Sat Jul 26, 2024 11:57 pm    Post subject: Reply with quote

platinummonkey wrote:

@JP - thx for those great links!
N/P Very Happy



_________________
Dell Box - Arch Linux
Dell Lappy - DreamLinux 3.5 - Default OS
Mepis 8.0 - Backup
Back to top
View user's profile Send private message Visit poster's website
bdquick
Advanced Member


Joined: 26 Jun 2024
Posts: 883
Location: Little north of DSM and south of Ames

PostPosted: Mon Jul 28, 2024 2:13 am    Post subject: Reply with quote

platinummonkey wrote:

Razz lolz, commence operation taking candy from crouse! Razz


We might even be able to sneak a server or two out the door. Very Happy



_________________
OpenSuse 11.1 11, 10.2
Arch Linux
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic   printer-friendly view    USA Linux Users Group Forum Index » Member Blogs All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All content © 2024-2009 - Usa Linux Users Group
This forum is powered by phpBB. © 2024-2009 phpBB Group
Theme created by phpBBStyles.com and modified by Crouse