LinuxQuestions.org
Old 11-22-2006, 09:57 AM   #1
annielee
LQ Newbie
 
Registered: Oct 2006
Posts: 24

Rep: Reputation: 0
Close unused ports and SSH


Hi,

Recently our security team ran port scanning on one of my servers, and found some open ports, which need to be closed.

How can I close those unused ports? (And how do I check whether anyone is using the open ports or not?)

And how do I disable root login to the system using ssh? (Meaning all users can ssh to the system, but they need to issue su to get root access.)

Thanks.
 
Old 11-22-2006, 10:30 AM   #2
bit128_linux
Member
 
Registered: Dec 2005
Location: Brasov, Romania
Distribution: Slackware, Bluewhite64
Posts: 49

Rep: Reputation: 15
In the SSH daemon config file, you have a line like this:

PermitRootLogin Yes

If the line is commented (starts with #), then uncomment it and change that 'Yes' to 'No'. After that, you should restart your SSH daemon.
 
Old 11-22-2006, 11:46 AM   #3
annielee
LQ Newbie
 
Registered: Oct 2006
Posts: 24

Original Poster
Rep: Reputation: 0
Erm.. where's the ssh config file and how do I restart the ssh daemon?
 
Old 11-22-2006, 01:16 PM   #4
bit128_linux
Member
 
Registered: Dec 2005
Location: Brasov, Romania
Distribution: Slackware, Bluewhite64
Posts: 49

Rep: Reputation: 15
Well, that depends on the distribution. In Slackware Linux the file path is '/etc/ssh/sshd_config' and you restart the server with this command (executed as root, of course):

/etc/rc.d/rc.sshd restart

Please post which distribution you use along with its version.
 
Old 11-22-2006, 10:30 PM   #5
denver1980
Member
 
Registered: Dec 2004
Location: Québec
Distribution: Gentoo, Kubuntu Karmic
Posts: 48

Rep: Reputation: 15
And to know which ports are open, compare the 2 lists obtained by
Code:
$ netstat -a | grep -i listen
$ netstat -an | grep -i listen
By comparing them, you will see which service runs on what port.
If one port is numerical even in the -a list, google it.

Hope it helps
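
Added example (not part of any post in this thread): one way to answer the original question of whether anyone is using an open port, by counting ESTABLISHED connections per listening TCP port in `netstat -ant` output. The function names and the sample output are constructed for illustration, and the column layout assumed is the Linux net-tools one.

```shell
#!/bin/sh
# Added example. Reads `netstat -ant` output on stdin and prints, for each
# listening TCP port, the number of ESTABLISHED connections to that port.
port_usage() {
    awk '
        $1 ~ /^tcp/ {
            n = split($4, a, ":"); port = a[n]   # port follows the last colon
            if ($6 == "LISTEN") listen[port] = 1
            else if ($6 == "ESTABLISHED") est[port]++
        }
        # Ports nobody is connected to print a count of 0.
        END { for (p in listen) printf "%s %d\n", p, est[p] }
    ' | sort -n
}

# Constructed sample in net-tools layout, using documentation addresses.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:40022        203.0.113.5:443         ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

sample_netstat | port_usage
# On a live host: netstat -ant | port_usage
```

A count of 0 is only a snapshot, so repeat the check over time before closing a port. As root, `netstat -tlnp` also names the process that owns each listening socket, which tells you which service to stop or reconfigure.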
 
Old 11-23-2006, 06:40 AM   #6
annielee
LQ Newbie
 
Registered: Oct 2006
Posts: 24

Original Poster
Rep: Reputation: 0
One more question: when a new user is created, by default they can ssh to the server, right?
 
Old 11-23-2006, 10:01 PM   #7
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Yes, unless you're using the AllowUsers statement in /etc/ssh/sshd_config.
 
Old 11-23-2006, 10:52 PM   #8
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114
...and using the AllowUsers directive is a really, really, really good idea, from a security perspective.
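
Added example (not part of any post in this thread): a small audit of the two sshd_config settings discussed above, PermitRootLogin and AllowUsers. It relies on the sshd_config(5) rules that keywords are case-insensitive and that the first uncommented value of a keyword is the one used; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. Prints the value sshd would use for KEYWORD in FILE:
# keywords are case-insensitive, '#' lines are comments, and the first
# uncommented occurrence wins. Parsing stops at the first Match block,
# because settings after it only apply conditionally.
sshd_effective() {  # usage: sshd_effective KEYWORD FILE
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        NF >= 2 && tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$2"
}

# Prints one finding per line and returns 1 if there is any finding.
audit_sshd() {  # usage: audit_sshd FILE
    rc=0
    prl=$(sshd_effective PermitRootLogin "$1")
    case $(printf '%s' "$prl" | tr 'A-Z' 'a-z') in
        no) ;;
        unset) echo "PermitRootLogin unset: compiled-in default applies"; rc=1 ;;
        *) echo "PermitRootLogin '$prl': root SSH login not fully disabled"; rc=1 ;;
    esac
    if [ "$(sshd_effective AllowUsers "$1")" = unset ]; then
        echo "AllowUsers unset: SSH logins are not limited to a user list"; rc=1
    fi
    return $rc
}

# Constructed sample: the commented-out 'no' has no effect, and the later
# 'no' is ignored because an earlier uncommented line already set the value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin no
permitrootlogin Yes
PermitRootLogin no
EOF
audit_sshd "$sample" || true
rm -f "$sample"
```

Run it against the real file with `audit_sshd /etc/ssh/sshd_config`, and keep an existing session open while restarting the daemon after any change.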
 
Old 11-24-2006, 07:30 AM   #9
annielee
LQ Newbie
 
Registered: Oct 2006
Posts: 24

Original Poster
Rep: Reputation: 0
I've created a new user using useradd, but the new user can't log in using ssh.

I didn't use AllowUsers in the sshd_config file.

Please assist.
 
Old 11-24-2006, 11:32 AM   #10
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114
What is the error message? Where is the user logging in from? You created the new user on the ssh server, right?
 
Old 11-24-2006, 08:02 PM   #11
annielee
LQ Newbie
 
Registered: Oct 2006
Posts: 24

Original Poster
Rep: Reputation: 0
It just said authentication failed. Yup, I've created the user in the ssh server.
 
Old 11-24-2006, 08:29 PM   #12
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114
so, your new user does an "ssh myservername" and the server responds "username" and the user enters "myusername", to which the server responds "password" and the user enters "mypassword", then after a pause, the server says "authentication failed". Is that right?

Can this user log on at the server? Does this user have shell access as part of the account?

You should list the contents of your sshd_config file here.
 
Old 11-28-2006, 04:36 AM   #13
annielee
LQ Newbie
 
Registered: Oct 2006
Posts: 24

Original Poster
Rep: Reputation: 0
I don't have the file with me now (the server is at some other location).

But I didn't change anything in the file. (It's original since day 1 after installation.)
 
Old 11-28-2006, 07:18 AM   #14
boToo
Member
 
Registered: Aug 2003
Distribution: Kubuntu
Posts: 49

Rep: Reputation: 15
You are at somewhere!! But can you log in to the server with ssh? You can use PuTTY if you are using Windows, and open sshd_config in PuTTY, select all, and then just paste it here. It might help.
 
Old 11-28-2006, 11:08 AM   #15
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Does the new user have a password? SSH does not allow logins with blank passwords, by default.
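
Added example (not part of any post in this thread): the two account checks asked about above, whether the user has a login shell and whether a usable password is set, run against passwd(5)- and shadow(5)-format files. The function name and sample entries are constructed; the `!!` field assumes a useradd that leaves new accounts locked until passwd is run, which varies by distribution.

```shell
#!/bin/sh
# Added example. Prints one line per reason a local account could fail an
# SSH password login, or "ok" when none of these checks trips.
why_no_login() {  # usage: why_no_login USER PASSWD_FILE SHADOW_FILE
    awk -F: -v u="$1" '
        FNR == 1 { file++ }              # 1 = passwd file, 2 = shadow file
        $1 != u { next }
        file == 1 {
            seen = 1
            if ($7 ~ /(nologin|false)$/) {
                print "shell " $7 " refuses logins"; bad = 1
            }
        }
        file == 2 {
            if ($2 == "") {
                print "empty password: sshd rejects it by default"; bad = 1
            } else if ($2 ~ /^[!*]/) {
                print "password locked or never set"; bad = 1
            }
        }
        END {
            if (!seen) print "no such user"
            else if (!bad) print "ok"
        }
    ' "$2" "$3"
}

# Constructed sample: "newuser" created with useradd, passwd never run.
d=$(mktemp -d)
printf '%s\n' 'alice:x:1000:1000::/home/alice:/bin/bash' \
              'newuser:x:1001:1001::/home/newuser:/bin/bash' > "$d/passwd"
printf '%s\n' 'alice:$6$constructed$hash:13476:0:99999:7:::' \
              'newuser:!!:13476:0:99999:7:::' > "$d/shadow"
why_no_login newuser "$d/passwd" "$d/shadow"
rm -rf "$d"
```

On a live host, run it as root with `/etc/passwd` and `/etc/shadow` as the two files.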
 
  



Tags
disable, root login, ssh, sshdconfig

