SSHD illegal users
Got this in logwatch:
Code:
Illegal users from: I have code in my iptables that limits SSH logins to 8 per minute. ) |
Quote:
Quote:
|
Quote:
these are just attempts to get in....but then no one is ever successful without first attempting ;) set the AllowUsers keyword. run sshd on a port different then 22. allow root login - turn off use dsa keys turn off password auth so many things you can do to lock it down properly.. but it looks like someone has already advised you of all these? |
Quote:
Is the SSH listening port in SSH config file? what are dsa keys and password auth? |
Quote:
Quote:
|
Quote:
ssh port is in the sshd config file. Disallowing password auth means that the user must log in from a trusted account/machine. They won't need a password, but it will be from a account/machine that you know should only have allowed access, because the user has to have a pre-shared key. DSA and RSA are the two keys usable in ssh. DSA is generally more secure, last I knew. Please take a look at the sshd config file to get a better idea of your options. |
Another thing to read on: http://www.fail2ban.org/wiki/index.php/Main_Page
|
Brilliant, I've know locked myself out of the server by changing the port and even though I added a firewall rule something has messed.
Argh :( |
Right I got it back using KVM.
Now when I edit the SSH port, do you just put in: Port 1234 for example? My kiptables rules were changed to: Code:
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource EDIT: oops, I was chaging the ssh config file not the sshd config file :( |
You do not have to allow root to log in to allow a user to su to root. Disallowing root login makes someone log in as themselves and then become root, which creates an entry in the log files.
If I create a new user, what permissions do you give them? To then login as root is it just su root? So effectively you have a user login and password and then a 2nd root and password? ssh port is in the sshd config file. Disallowing password auth means that the user must log in from a trusted account/machine. They won't need a password, but it will be from a account/machine that you know should only have allowed access, because the user has to have a pre-shared key. Can't do this as the IP address on my computer is dynamic or am I missing something here? Is a key used instead of the password? Effectively the same process then isn't it? DSA and RSA are the two keys usable in ssh. DSA is generally more secure, last I knew. Please take a look at the sshd config file to get a better idea of your options. |
Quote:
all the directives you need are in sshd_config man sshd_config. it is always good that you have some kind of test server to test out how this all works for you before putting it out live on a production server. |
I created a user testuser with password
then added AllowUsers testuser in the config file However, whenever I login with this user it says access denied after the password. ? |
I think I am comfortable having a root password of 20 chars & numbers and resrtricting logins to 2 per min.
any hacker attempting to get through that would have to try for years :) ...and changing the port |
Quote:
|
Please use [quote][/quote] tags around the parts of text you are quoting, otherwise it's hard to tell what's your response and what's the original text you're responding to.
Quote:
Quote:
Code:
su - Quote:
Quote:
Quote:
|
All times are GMT -5. The time now is 05:11 AM. |