Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Originally posted by johnnydangerous well if you may pls tell about ssh-agent and ssh-add
the ssh-agent takes care of your keys for you once you add it and if necessary entered the pass phrase. after this you only need to connect via ssh and no further pass phrase is asked.
you can run the agent by
Code:
ssh-agent /bin/bash
(could be ssh-agent2)
instead of /bin/bash you can use your shell you feel comfortable with,
personally I invoke bash with a different .bashrc so I know when I am in a shell running the agent
after the agent is running you run ssh-add
Code:
ssh-add
(ssh-add2) to add the keys to the agent, it will ask you the pass phrase for any key loaded, there is a way to specify which key (identity) you want to load, but lets keep things simple.
if you now establish a ssh connection you should connect without any further authentication.
to be on the secure side you can unload the keys out of the agent by running
Code:
ssh-add -D
also it is possible to lock the agent by running
Code:
ssh-add -L
it can be unlocked using
Code:
ssh-add -U
I hope this helps.
Code:
ssh-add -l
lists all loaded keys.
It is good practice to unload the keys before quiting the agent with exit.
Here is my .bashrc which I use with ssh-agent
Code:
export PS1="SSH-\u:\w>"
alias keys='ssh-add2 -l'
alias keysOn='ssh-add2'
alias keysOff='ssh-add2 -D"
alias quit='ssh-add2 -D;exit'
I simply invoke it by running
Code:
ssh-agent /bin/bash -rcfile .bashsshrc
Please note that the use of ssh-agent(2),ssh-add(2) and ssh(2) depends of your version of ssh (OpenSSH or SSH2)
I should set up an OpenBSD Honeypot. I doubt the script kiddies would even realize it's not Linux and then try to fumble their way around trying to install Linux root kits.
how could they even reach the step to install rootkit? if you have military style authentication it's quite impossible to reach your machine maybe just through some software vulnerabilities only which is hmm... quite rare if u're up-to-date
Originally posted by damicatz I should set up an OpenBSD Honeypot. I doubt the script kiddies would even realize it's not Linux and then try to fumble their way around trying to install Linux root kits.
what do you mean to use such honeypot on linux? or on BSD?
Originally posted by johnnydangerous how could they even reach the step to install rootkit? if you have military style authentication it's quite impossible to reach your machine maybe just through some software vulnerabilities only which is hmm... quite rare if u're up-to-date
Making a honeypot implies setting the system up in such a way that it is easy to compromise and gain root access. I'm saying though that once they do log in through SSH I doubt they would be able to do much as OpenBSD is different enough from Linux.
btw: there are numerous ways to identify you have logged on a honeypot, and once you know that the host is not considered safe - reference security focus
but do you mean having a BSDhopeypot on Linux? I actually havent seen BSD honeypots any URL?
my log files show these sshd login attempts recently. Since Apr18 up to present. I traced the IP to Amsterdam. Any rate - It made me think about improving security on my home server machine (Fedora Core 3).
It's been said that telnet should *never* be enabled on Linux? Could anyone explain to me why? I can ssh but perhaps I should setup authentication for that? Unfortunately alot of this thread is not straight forward to me - so please be patient with what may seem as some ignorant responses/questions.
btw - how would I disable FTP in command line (ssh session). I am presently at work and if it is strongly engcourage to disable it, I would like to do it right away.
Originally posted by FiveFlat btw - how would I disable FTP in command line (ssh session). I am presently at work and if it is strongly engcourage to disable it, I would like to do it right away.
Thanks!
As a root just do:
chkconfig --list to find the fpt deamon, then:
chkconfig --level 345 ftp_deamon off
Originally posted by Capt_Caveman There appears to be some form of automated malware circulating around the internet in the last 2 weeks. It attempts sshd logins using simple username-password combinations. A sample scan looks like:
Jul 19 21:04:33 server sshd[28379]: Illegal user test from XXX.XXX.XXX.XXX
Jul 19 21:04:34 server sshd[28381]: Illegal user guest from XXX.XXX.XXX.XXX
Jul 19 21:04:36 server sshd[28383]: Illegal user admin from XXX.XXX.XXX.XXX
Jul 19 21:04:37 server sshd[28385]: Illegal user admin from XXX.XXX.XXX.XXX
Jul 19 21:04:38 server sshd[28387]: Illegal user user from XXX.XXX.XXX.XXX
Several reports indicate that the malicious code is a scanner designed to identify systems with weak username/passwords. Once a weak system is identified, its IP address is appended to a list for manually exploitation later on. However, the possibility of a unknown exploit has not been ruled-out.
All Linux users are recommended to implement a sensible username and password policy in order to avoid being compromised by this tool. An example of a sensible policy would be at least the use of non-dictionary, alpha-numeric+punctuation characters. Restricting sshd access to only those systems necessary will further reduce the possiblity of compromise. Access restriction can be done using iptables or tcp_wrappers (hosts.allow/deny)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
