Close unused ports and SSH

annielee · 11-22-2006, 10:57 AM

Hi,

Recently our security team ran port scanning on one of my server, and found some open ports, which need to be closed.

How can I closed those unused ports. (and how do i check whether anyone is using the open ports or not)

And how do i disable root login to the system using ssh. (meaning all users can ssh to the system, but they need to issue su to get root access)

Thanks.

bit128_linux · 11-22-2006, 11:30 AM

In the SSH daemon config file, you have a line like this:

PermitRootLogin Yes

If the line if commented(starts with #), then uncomment it and change that 'Yes' with 'No. After that, you should restart your SSH daemon.

annielee · 11-22-2006, 12:46 PM

erm..where's the ssh config file and how do i restart the ssh daemon?

bit128_linux · 11-22-2006, 02:16 PM

Well, that depends on distribution. In Slackware Linux the file path is '/etc/ssh/sshd_config' and you restart the server with this command(executed as root, of course):

/etc/rc.d/rc.sshd restart

Please post which distribution you use along with it's version.

denver1980 · 11-22-2006, 11:30 PM

And to know which port is opened, compare the 2 lists obtained by

Code:

$ netstat -a | grep -i listen
$ netstat -an | grep -i listen

By comparing them, you will see which service runs on what port.
If one port is numerical even in the -a list, googlize it

Hope it helps

annielee · 11-23-2006, 07:40 AM

one more question, when a new user is created, by default they can ssh to the server, right??

chort · 11-23-2006, 11:01 PM

Yes, unless you're using the AllowUsers statement in /etc/ssh/sshd_config.

jiml8 · 11-23-2006, 11:52 PM

...and using the AllowUsers directive is a really, really, really good idea, from a security perspective.

annielee · 11-24-2006, 08:30 AM

i've created a new user using useradd..but the new user cant login using ssh.

i didnt use AllowUsers in the sshd_config file.

please assist.

jiml8 · 11-24-2006, 12:32 PM

what is the error message? Where is the user logging in from? You created the new user on the ssh server, right?

annielee · 11-24-2006, 09:02 PM

it just said authentication failed. yup, i've created the user in the ssh server..

jiml8 · 11-24-2006, 09:29 PM

so, your new user does an "ssh myservername" and the server responds "username" and the user enters "myusername", to which the server responds "password" and the user enters "mypassword", then after a pause, the server says "authentication failed". Is that right?

Can this user log on at the server? Does this user have shell access as part of the account?

You should list the contents of your sshd_config file here.

annielee · 11-28-2006, 05:36 AM

i dun have the file with me now, (the server is at some other location).

but i didnt change the anything in the file.(it's original since day 1 after installation)

boToo · 11-28-2006, 08:18 AM

You are at somewhere!! But can you log in to server with ssh? you can use putty if you are using windoes, and open sshd_config in putty, select all, and then just paste it here. It might help.

chort · 11-28-2006, 12:08 PM

Does the new user have a password? SSH does not allow logins with blank passwords, by default.