Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
11-02-2006, 11:02 AM
|
#1
|
LQ Newbie
Registered: Sep 2005
Location: Findlay Ohio
Distribution: CentOS, Ubuntu
Posts: 24
Rep:
|
SSH Port Question
I currently have a Solaris server that hosts several web pages. I don't leave the SSH port open except for when I need to remotely need to get into the server, then when I am done I close the port on the firewall. I have noticed that even with the port being open for 40 minutes or less that in that time there are people that are trying to get SSH access to the machine with a bad user name and password.
I was wondering what the opinion is of the users of this forum regarding leaving the SSH port open all of the time, and what are your personal experiences with people trying to get SSH access to one of your boxes.
I am just looking for everyone's personal opinion and experiences regarding this issue.
|
|
|
11-02-2006, 11:37 AM
|
#2
|
Member
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, macOS, SLES, Ubuntu
Posts: 327
Rep:
|
I leave SSH open for hours, or days at a time, depending on where I am with anticipated travel etc.
I haven't noticed major issues when doing this, but I definitely change it to a non-default port on all my boxes.
|
|
|
11-02-2006, 11:41 AM
|
#3
|
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
|
I leave my SSH port open all the time, and yes, people try to gain access on a daily basis, but I've done three things to prevent access. First, I eliminated the ability to use a username and password to access via SSH. All access is by keys only. Second, I limited the users who have SSH access using the AllowUsers directive in sshd_config. Finally, I use a script called sshblack that monitors my logs and when it sees one of these scripts, it adds the IP to my firewall to be dropped. This last one really doesn't add to security, it mostly serves to keep my log files from filing up with these. And to be honest, moving to key-based authentication is probably the biggest help in keeping the bozos out.
<edit>
Just my 2 cents on moving the SSH port. Yes, it does cut down on the scripts pounding on the door, but don't confuse this with actually increasing security.
</edit>
Last edited by Hangdog42; 11-02-2006 at 11:46 AM.
|
|
|
11-02-2006, 11:52 AM
|
#4
|
Member
Registered: May 2004
Location: Atlanta, GA USA
Distribution: Redhat ES4, FC4, FC5, slax, ubuntu, knoppix
Posts: 155
Rep:
|
I keep my SSH port open all time, but I do move the port to a less known port. Basically I use the port for a tunnel to my proxy and allow for remote access through it.
I rarely see any attempts to login. The other thing I do is only allow RSA key access and not passwords as a means of logging in.
Good luck.
|
|
|
11-02-2006, 12:00 PM
|
#5
|
Member
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, macOS, SLES, Ubuntu
Posts: 327
Rep:
|
Moving to keys is an excellent idea. I really need to get around to implementing that.
Good points!
|
|
|
11-02-2006, 12:41 PM
|
#6
|
LQ Newbie
Registered: Sep 2005
Location: Findlay Ohio
Distribution: CentOS, Ubuntu
Posts: 24
Original Poster
Rep:
|
Thanks for the replies. If there is anyone else that has different ideas I would like to hear them.
|
|
|
All times are GMT -5. The time now is 02:28 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|