|
|
|
11-22-2006, 09:57 AM
|
#1
|
LQ Newbie
Registered: Oct 2006
Posts: 24
Rep:
|
Close unused ports and SSH
Hi,
Recently our security team ran port scanning on one of my servers and found some open ports, which need to be closed.
How can I close those unused ports? (And how do I check whether anyone is using the open ports or not?)
And how do I disable root login to the system using ssh? (Meaning all users can ssh to the system, but they need to issue su to get root access.)
Thanks.
|
|
|
11-22-2006, 10:30 AM
|
#2
|
Member
Registered: Dec 2005
Location: Brasov, Romania
Distribution: Slackware, Bluewhite64
Posts: 49
Rep:
|
In the SSH daemon config file, you have a line like this:
PermitRootLogin Yes
If the line is commented (starts with #), then uncomment it and change that 'Yes' to 'No'. After that, you should restart your SSH daemon.
|
|
|
11-22-2006, 11:46 AM
|
#3
|
LQ Newbie
Registered: Oct 2006
Posts: 24
Original Poster
Rep:
|
Erm... where's the ssh config file and how do I restart the ssh daemon?
|
|
|
11-22-2006, 01:16 PM
|
#4
|
Member
Registered: Dec 2005
Location: Brasov, Romania
Distribution: Slackware, Bluewhite64
Posts: 49
Rep:
|
Well, that depends on the distribution. In Slackware Linux the file path is '/etc/ssh/sshd_config' and you restart the server with this command (executed as root, of course):
/etc/rc.d/rc.sshd restart
Please post which distribution you use along with its version.
|
|
|
11-22-2006, 10:30 PM
|
#5
|
Member
Registered: Dec 2004
Location: Québec
Distribution: Gentoo, Kubuntu Karmic
Posts: 48
Rep:
|
And to know which port is opened, compare the 2 lists obtained by
Code:
$ netstat -a | grep -i listen
$ netstat -an | grep -i listen
By comparing them, you will see which service runs on what port.
If one port is numerical even in the -a list, googlize it
Hope it helps
|
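The comparison described in the post above (numeric ports from `netstat -an` matched to service names), as an added example that is not part of the original thread. It also marks whether each listener is bound to loopback only or to a reachable address. The function name `listening_ports` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output (not from a real host).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp        0     52 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
EOF
}
# Constructed excerpt in /etc/services format.
sample_services() {
cat <<'EOF'
ssh             22/tcp
smtp            25/tcp          mail
sunrpc          111/tcp         portmapper
EOF
}

# listening_ports NETSTAT_FILE SERVICES_FILE   (hypothetical helper)
# Prints "proto port service scope" for every listening TCP socket.
# scope is "loopback" for 127.x / ::1 binds, otherwise "exposed".
listening_ports() {
  awk '
    NR == FNR {                       # first file: services database
      if ($0 ~ /^[ \t]*#/ || NF < 2) next
      name[$2] = $1; next
    }
    $1 ~ /^tcp/ && $NF == "LISTEN" {  # second file: netstat -an output
      n = split($4, parts, ":")       # port is the last colon-separated field
      port = parts[n]
      host = substr($4, 1, length($4) - length(port) - 1)
      scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
      key = port "/tcp"
      print $1, port, ((key in name) ? name[key] : "unknown"), scope
    }
  ' "$2" "$1"
}

# Stand-alone run on the constructed samples.
tmp=$(mktemp -d)
sample_netstat > "$tmp/netstat.txt"; sample_services > "$tmp/services.txt"
listening_ports "$tmp/netstat.txt" "$tmp/services.txt"
rm -rf "$tmp"
```

On a live host, feed it the saved output of `netstat -an` and `/etc/services`; ports reported as `unknown` and `exposed` are the ones to identify first.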
|
|
11-23-2006, 06:40 AM
|
#6
|
LQ Newbie
Registered: Oct 2006
Posts: 24
Original Poster
Rep:
|
One more question: when a new user is created, by default they can ssh to the server, right?
|
|
|
11-23-2006, 10:01 PM
|
#7
|
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
|
Yes, unless you're using the AllowUsers statement in /etc/ssh/sshd_config.
|
|
|
11-23-2006, 10:52 PM
|
#8
|
Senior Member
Registered: Sep 2003
Posts: 3,171
Rep:
|
...and using the AllowUsers directive is a really, really, really good idea, from a security perspective.
|
|
|
11-24-2006, 07:30 AM
|
#9
|
LQ Newbie
Registered: Oct 2006
Posts: 24
Original Poster
Rep:
|
I've created a new user using useradd, but the new user can't log in using ssh.
I didn't use AllowUsers in the sshd_config file.
Please assist.
|
|
|
11-24-2006, 11:32 AM
|
#10
|
Senior Member
Registered: Sep 2003
Posts: 3,171
Rep:
|
What is the error message? Where is the user logging in from? You created the new user on the ssh server, right?
|
|
|
11-24-2006, 08:02 PM
|
#11
|
LQ Newbie
Registered: Oct 2006
Posts: 24
Original Poster
Rep:
|
It just said authentication failed. Yup, I've created the user on the ssh server.
|
|
|
11-24-2006, 08:29 PM
|
#12
|
Senior Member
Registered: Sep 2003
Posts: 3,171
Rep:
|
So, your new user does an "ssh myservername" and the server responds "username" and the user enters "myusername", to which the server responds "password" and the user enters "mypassword", then after a pause, the server says "authentication failed". Is that right?
Can this user log on at the server? Does this user have shell access as part of the account?
You should list the contents of your sshd_config file here.
|
|
|
11-28-2006, 04:36 AM
|
#13
|
LQ Newbie
Registered: Oct 2006
Posts: 24
Original Poster
Rep:
|
I don't have the file with me now (the server is at some other location),
but I didn't change anything in the file. (It's original since day 1 after installation.)
|
|
|
11-28-2006, 07:18 AM
|
#14
|
Member
Registered: Aug 2003
Distribution: Kubuntu
Posts: 49
Rep:
|
You are at somewhere!! But can you log in to the server with ssh? You can use PuTTY if you are using Windows, and open sshd_config in PuTTY, select all, and then just paste it here. It might help.
|
|
|
11-28-2006, 11:08 AM
|
#15
|
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
|
Does the new user have a password? SSH does not allow logins with blank passwords, by default.
|
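A check for the three sshd_config settings raised in this thread (PermitRootLogin, AllowUsers, and blank passwords via PermitEmptyPasswords), as an added example that is not part of the original posts. The helper names and the sample file are constructed; the parser assumes whitespace-separated `keyword value` lines and reads only the global section before any `Match` block.

```shell
#!/bin/sh
# Constructed sshd_config for illustration (not the original poster's file).
sample_sshd_config() {
cat <<'EOF'
#PermitRootLogin yes
Port 22
permitrootlogin no
PermitRootLogin yes
AllowUsers alice bob
Match User backup
    PermitRootLogin yes
EOF
}

# sshd_first_value FILE KEYWORD   (hypothetical helper)
# Prints the arguments of the first uncommented KEYWORD line in the global
# section. Keywords are case-insensitive and sshd keeps the first value it
# obtains, so a later duplicate line does not override an earlier one.
sshd_first_value() {
  awk -v want="$2" '
    { sub(/^[ \t]+/, "") }             # drop leading indentation
    /^#/ || NF == 0 { next }           # skip comments and blank lines
    tolower($1) == "match" { exit }    # conditional blocks start here
    tolower($1) == tolower(want) {
      $1 = ""; sub(/^ +/, ""); print; exit
    }
  ' "$1"
}

# audit_sshd FILE: one "keyword=value" line per setting from the thread.
audit_sshd() {
  for kw in PermitRootLogin AllowUsers PermitEmptyPasswords; do
    val=$(sshd_first_value "$1" "$kw")
    echo "$kw=${val:-<unset, built-in default applies>}"
  done
}

# Stand-alone run on the constructed sample.
cfg=$(mktemp)
sample_sshd_config > "$cfg"
audit_sshd "$cfg"
rm -f "$cfg"
```

The commented-out line and the second `PermitRootLogin yes` are both ignored here, which is why editing a duplicate further down the file has no effect. On a host with a current OpenSSH, `sshd -T` run as root prints the effective configuration and is the authoritative cross-check.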
|
|
All times are GMT -5.