In computing something is on or it is off, a condition exists or it doesn't, there's no need for fuzzy human "worrying". If you would say "what is the risk?" then I'd say it depends on you implementing the measures I already offered.
Quote:
Originally Posted by qwertyjjj
I have code in my iptables that limits SSH logins to 8 per minute.
Illegal users from:
190.2.12.113 (customer-static-2-12-113.iplannetworks.net): 36 times
200.29.234.100 (proxy.rebujia.com.co): 7 times
218.75.78.86: 1 time
reverse mapping checking getaddrinfo for customer-static-2-12-113.iplannetworks.net failed - POSSIBLE BREAK-IN ATTEMPT! : 40 time(s)
reverse mapping checking getaddrinfo for proxy.rebujia.com.co failed - POSSIBLE BREAK-IN ATTEMPT! : 7 time(s)
Anything to be worried about?
should you worry? yes and no.
these are just attempts to get in....but then no one is ever successful without first attempting
set the AllowUsers keyword.
run sshd on a port different than 22.
allow root login - turn off
use dsa keys
turn off password auth
so many things you can do to lock it down properly..
but it looks like someone has already advised you of all these?
But for AllowUsers, I'd have to allow root, wouldn't I, or I couldn't do many of the changes I need to on the server?
Is the SSH listening port in SSH config file?
what are dsa keys and password auth?
You do not have to allow root to log in to allow a user to su to root. Disallowing root login makes someone log in as themselves and then become root, which creates an entry in the log files.
ssh port is in the sshd config file.
Disallowing password auth means that the user must log in from a trusted account/machine. They won't need a password, but it will be from an account/machine that you know should only have allowed access, because the user has to have a pre-shared key.
DSA and RSA are the two keys usable in ssh. DSA is generally more secure, last I knew.
Please take a look at the sshd config file to get a better idea of your options.
You do not have to allow root to log in to allow a user to su to root. Disallowing root login makes someone log in as themselves and then become root, which creates an entry in the log files.
If I create a new user, what permissions do you give them?
To then login as root is it just su root?
So effectively you have a user login and password and then a 2nd root and password?
ssh port is in the sshd config file.
Disallowing password auth means that the user must log in from a trusted account/machine. They won't need a password, but it will be from an account/machine that you know should only have allowed access, because the user has to have a pre-shared key.
Can't do this as the IP address on my computer is dynamic or am I missing something here? Is a key used instead of the password? Effectively the same process then isn't it?
DSA and RSA are the two keys usable in ssh. DSA is generally more secure, last I knew.
Please take a look at the sshd config file to get a better idea of your options.
I created a user testuser with password
then added AllowUsers testuser in the config file
However, whenever I login with this user it says access denied after the password.
I think I am comfortable having a root password of 20 chars & numbers and restricting logins to 2 per min.
any hacker attempting to get through that would have to try for years
...and changing the port
Please use [quote][/quote] tags around the parts of text you are quoting, otherwise it's hard to tell what's your response and what's the original text you're responding to.
Quote:
Originally Posted by qwertyjjj
If I create a new user, what permissions do you give them?
No special permissions needed. Just an ordinary, bog standard user with a real log in shell (not /bin/false, for example).
Quote:
Originally Posted by qwertyjjj
To then login as root is it just su root?
Even better,
Code:
su -
so that you inherit root's environment settings too (see man su).
Quote:
Originally Posted by qwertyjjj
So effectively you have a user login and password and then a 2nd root and password?
Yes.
Quote:
Originally Posted by qwertyjjj
Can't do this as the IP address on my computer is dynamic or am I missing something here?
It's not the machine's IP address that's used to identify the machine, it's the key-pair that is used.
Quote:
Originally Posted by qwertyjjj
Is a key used instead of the password? Effectively the same process then isn't it?
Yes, a key's used. The difference is, the key's tied to the machine, whereas the password can roam independent of the machine, which allows anyone to have a go at guessing the right combination of username and password. At least, that's my understanding of it.
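To check a server against the list given earlier in the thread (AllowUsers set, root login off, password auth off, port moved), here is an added example that is not code from any poster. The function names `values`, `audit` and `write_sample` and the sample config are made up for illustration; it reads only the `Keyword value` form and does not follow `Include` lines, so on a live host compare against the effective configuration printed by `sshd -T`.

```sh
# Added example, not from the thread. The sample config is constructed.

# values FILE KEYWORD [all]: print the global value(s) of KEYWORD.
# sshd keywords are case-insensitive, the first value read wins, and
# lines after a "Match" line only apply conditionally, so stop there.
values() {
    awk -v want="$2" -v all="$3" '
        NF == 0 || $1 ~ /^#/ { next }       # blank line or comment
        { key = tolower($1) }
        key == "match" { exit }
        key == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print
            if (all == "") exit
        }
    ' "$1"
}

# audit FILE: print findings for the thread's checklist; return 1 on any FAIL.
audit() {
    rc=0
    root=$(values "$1" PermitRootLogin)
    pass=$(values "$1" PasswordAuthentication)
    port=$(values "$1" Port)
    # AllowUsers is the exception: repeated lines add to the list.
    allow=$(values "$1" AllowUsers all | tr '\n' ' ')
    [ "$root" = no ] || { echo "FAIL PermitRootLogin=${root:-unset}"; rc=1; }
    [ "$pass" = no ] || { echo "FAIL PasswordAuthentication=${pass:-unset}"; rc=1; }
    [ -n "$allow" ] || { echo "FAIL AllowUsers=unset"; rc=1; }
    case " $allow " in *" root "*) echo "FAIL AllowUsers lists root"; rc=1 ;; esac
    [ "${port:-22}" != 22 ] || echo "NOTE Port=22"
    return "$rc"
}

write_sample() {    # constructed config with the pitfalls the checks look for
    cat > "$1" <<'EOF'
# sshd_config (constructed sample)
Port 22
permitrootlogin yes
PermitRootLogin no
AllowUsers testuser
AllowUsers root
Match User backup
    PasswordAuthentication no
EOF
}

cfg=$(mktemp); write_sample "$cfg"
audit "$cfg" || echo "=> not yet locked down"
rm -f "$cfg"
```

On the sample, the later `PermitRootLogin no` has no effect because the earlier `permitrootlogin yes` was read first, and the `PasswordAuthentication no` inside the `Match` block does not change the global setting.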