LinuxQuestions.org
Old 11-02-2006, 11:02 AM   #1
mjgould
LQ Newbie
 
Registered: Sep 2005
Location: Findlay Ohio
Distribution: CentOS, Ubuntu
Posts: 24

Rep: Reputation: 15
SSH Port Question


I currently have a Solaris server that hosts several web pages. I don't leave the SSH port open except for when I need to remotely get into the server, then when I am done I close the port on the firewall. I have noticed that even with the port being open for 40 minutes or less that in that time there are people that are trying to get SSH access to the machine with a bad user name and password.

I was wondering what the opinion is of the users of this forum regarding leaving the SSH port open all of the time, and what are your personal experiences with people trying to get SSH access to one of your boxes.

I am just looking for everyone's personal opinion and experiences regarding this issue.
 
Old 11-02-2006, 11:37 AM   #2
strick1226
Member
 
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, macOS, SLES, Ubuntu
Posts: 327

Rep: Reputation: 63
I leave SSH open for hours, or days at a time, depending on where I am with anticipated travel etc.

I haven't noticed major issues when doing this, but I definitely change it to a non-default port on all my boxes.
 
Old 11-02-2006, 11:41 AM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
I leave my SSH port open all the time, and yes, people try to gain access on a daily basis, but I've done three things to prevent access. First, I eliminated the ability to use a username and password to access via SSH. All access is by keys only. Second, I limited the users who have SSH access using the AllowUsers directive in sshd_config. Finally, I use a script called sshblack that monitors my logs and when it sees one of these scripts, it adds the IP to my firewall to be dropped. This last one really doesn't add to security, it mostly serves to keep my log files from filling up with these. And to be honest, moving to key-based authentication is probably the biggest help in keeping the bozos out.

<edit>
Just my 2 cents on moving the SSH port. Yes, it does cut down on the scripts pounding on the door, but don't confuse this with actually increasing security.
</edit>

Last edited by Hangdog42; 11-02-2006 at 11:46 AM.
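
Added example (not part of the post above, and not code from any poster): a small audit that checks an sshd_config text for the keys-only and AllowUsers setup described in post #3. It assumes OpenSSH keyword semantics, reads only the section before any Match block, and goes one step beyond the post by also checking keyboard-interactive authentication, which can still prompt for a password through PAM; the sample configs and user names are constructed.

```python
# Keywords checked here all default to "yes" in OpenSSH's sshd_config(5).
# Deprecated name that older configs use for keyboard-interactive.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_global(config_text):
    """Return (first_values, allow_users) for the section before any Match."""
    first, allow_users = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Key value" or "Key=value"
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # conditional blocks are out of scope for this check
        if key == "allowusers":
            allow_users.extend(parts[1:])  # assumption: repeated lines accumulate
        elif len(parts) > 1:
            first.setdefault(key, parts[1])  # sshd keeps the first value it reads
    return first, allow_users

def audit(config_text):
    """List the ways a config falls short of keys-only plus AllowUsers."""
    first, allow_users = parse_global(config_text)
    findings = []
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if first.get(key, "yes") != "no":
            findings.append(key + " is enabled")
    if first.get("pubkeyauthentication", "yes") != "yes":
        findings.append("pubkeyauthentication is disabled")
    if not allow_users:
        findings.append("allowusers is not set")
    return findings

# Constructed samples. In WEAK the later "no" is ignored: the first value wins.
WEAK = """\
PasswordAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
"""
HARDENED = """\
PasswordAuthentication no
KbdInteractiveAuthentication no
AllowUsers alice bob@192.0.2.*
"""

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this audit is for reviewing a file before it is deployed.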
 
Old 11-02-2006, 11:52 AM   #4
lucktsm
Member
 
Registered: May 2004
Location: Atlanta, GA USA
Distribution: Redhat ES4, FC4, FC5, slax, ubuntu, knoppix
Posts: 155

Rep: Reputation: 30
I keep my SSH port open all the time, but I do move the port to a less known port. Basically I use the port for a tunnel to my proxy and allow for remote access through it.

I rarely see any attempts to login. The other thing I do is only allow RSA key access and not passwords as a means of logging in.


Good luck.
 
Old 11-02-2006, 12:00 PM   #5
strick1226
Member
 
Registered: Feb 2005
Distribution: Arch, CentOS, Fedora, macOS, SLES, Ubuntu
Posts: 327

Rep: Reputation: 63
Moving to keys is an excellent idea. I really need to get around to implementing that.

Good points!
 
Old 11-02-2006, 12:41 PM   #6
mjgould
LQ Newbie
 
Registered: Sep 2005
Location: Findlay Ohio
Distribution: CentOS, Ubuntu
Posts: 24

Original Poster
Rep: Reputation: 15
Thanks for the replies. If there is anyone else that has different ideas I would like to hear them.
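
Added example (not part of the thread, and not the sshblack script mentioned in post #3): a sketch of the log-monitoring idea, tallying failed SSH password attempts per source address and listing the addresses a firewall rule could drop. The log lines are constructed in OpenSSH's syslog format, and the threshold and the rule of never listing an address that also logged in successfully are assumptions of this example.

```python
import re
from collections import defaultdict

# The user name is chosen by the remote side, so anchor on the end of the
# line and let the greedy group leave only the final "from <addr> port <n>".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.+) from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+) port \d+ ssh2")

def block_candidates(lines, threshold=3):
    """Return sorted (address, failures, user names tried) worth blocking."""
    attempts = defaultdict(list)
    trusted = set()  # addresses with a successful login are never listed
    for line in lines:
        failed = FAILED.search(line)
        if failed:
            attempts[failed.group(2)].append(failed.group(1))
            continue
        accepted = ACCEPTED.search(line)
        if accepted:
            trusted.add(accepted.group(1))
    return sorted(
        (addr, len(users), sorted(set(users)))
        for addr, users in attempts.items()
        if len(users) >= threshold and addr not in trusted
    )

# Constructed sample log: one scanner, one legitimate user who mistyped a
# password three times before getting in, and one stray attempt.
LOG = """\
Nov  2 11:05:01 web sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Nov  2 11:05:03 web sshd[1203]: Failed password for root from 203.0.113.7 port 40118 ssh2
Nov  2 11:05:06 web sshd[1207]: Failed password for invalid user test from 203.0.113.7 port 40125 ssh2
Nov  2 11:09:40 web sshd[1250]: Failed password for alice from 198.51.100.4 port 50020 ssh2
Nov  2 11:09:44 web sshd[1250]: Failed password for alice from 198.51.100.4 port 50020 ssh2
Nov  2 11:09:49 web sshd[1250]: Failed password for alice from 198.51.100.4 port 50020 ssh2
Nov  2 11:10:02 web sshd[1250]: Accepted password for alice from 198.51.100.4 port 50020 ssh2
Nov  2 11:20:15 web sshd[1302]: Failed password for invalid user guest from 192.0.2.9 port 33001 ssh2
""".splitlines()

if __name__ == "__main__":
    for addr, count, users in block_candidates(LOG):
        print(addr, count, ",".join(users))
```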
 
  


All times are GMT -5. The time now is 02:28 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration