LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Close unused ports and SSH (http://www.linuxquestions.org/questions/linux-security-4/close-unused-ports-and-ssh-503929/)

annielee 11-22-2006 09:57 AM

Close unused ports and SSH
 
Hi,

Recently our security team ran port scanning on one of my server, and found some open ports, which need to be closed.

How can I closed those unused ports. (and how do i check whether anyone is using the open ports or not)

And how do i disable root login to the system using ssh. (meaning all users can ssh to the system, but they need to issue su to get root access)

Thanks.

bit128_linux 11-22-2006 10:30 AM

In the SSH daemon config file, you have a line like this:

PermitRootLogin Yes

If the line if commented(starts with #), then uncomment it and change that 'Yes' with 'No. After that, you should restart your SSH daemon.

annielee 11-22-2006 11:46 AM

erm..where's the ssh config file and how do i restart the ssh daemon?

bit128_linux 11-22-2006 01:16 PM

Well, that depends on distribution. In Slackware Linux the file path is '/etc/ssh/sshd_config' and you restart the server with this command(executed as root, of course):

/etc/rc.d/rc.sshd restart

Please post which distribution you use along with it's version.

denver1980 11-22-2006 10:30 PM

And to know which port is opened, compare the 2 lists obtained by
Code:

$ netstat -a | grep -i listen
$ netstat -an | grep -i listen

By comparing them, you will see which service runs on what port.
If one port is numerical even in the -a list, googlize it :study:

Hope it helps

annielee 11-23-2006 06:40 AM

one more question, when a new user is created, by default they can ssh to the server, right??

chort 11-23-2006 10:01 PM

Yes, unless you're using the AllowUsers statement in /etc/ssh/sshd_config.

jiml8 11-23-2006 10:52 PM

...and using the AllowUsers directive is a really, really, really good idea, from a security perspective.

annielee 11-24-2006 07:30 AM

i've created a new user using useradd..but the new user cant login using ssh.

i didnt use AllowUsers in the sshd_config file.

please assist.

jiml8 11-24-2006 11:32 AM

what is the error message? Where is the user logging in from? You created the new user on the ssh server, right?

annielee 11-24-2006 08:02 PM

it just said authentication failed. yup, i've created the user in the ssh server..

jiml8 11-24-2006 08:29 PM

so, your new user does an "ssh myservername" and the server responds "username" and the user enters "myusername", to which the server responds "password" and the user enters "mypassword", then after a pause, the server says "authentication failed". Is that right?

Can this user log on at the server? Does this user have shell access as part of the account?

You should list the contents of your sshd_config file here.

annielee 11-28-2006 04:36 AM

i dun have the file with me now, (the server is at some other location).

but i didnt change the anything in the file.(it's original since day 1 after installation)

boToo 11-28-2006 07:18 AM

You are at somewhere!! But can you log in to server with ssh? you can use putty if you are using windoes, and open sshd_config in putty, select all, and then just paste it here. It might help.

chort 11-28-2006 11:08 AM

Does the new user have a password? SSH does not allow logins with blank passwords, by default.


All times are GMT -5. The time now is 12:10 AM.