Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Doesn't look like an active connection. FYI, the port is irrelevant. A determined attacker will find a service on any port, not just well known ports. Do you have root login via SSH disabled in your config?
Doesn't look like an active connection. FYI, the port is irrelevant. A determined attacker will find a service on any port, not just well known ports. Do you have root login via SSH disabled in your config?
I think the operative word here is determined. Using a non-standard port for ssh has reduced the number of failed login attempts on my server from thousands per day to zero.
Agree, just pointing it out. I see time and time again on the web side where people try to "hide" assets using unknown urls or hosting on other ports and they are 100% of the time, found. An automated script "kiddie" if you will, will only look for well known ports. An actual human that knows what they are doing will look for all 65k ports.
If that works for you, great. It doesn't work for the web side of the gov org I support.
Agree, just pointing it out. I see time and time again on the web side where people try to "hide" assets using unknown urls or hosting on other ports and they are 100% of the time, found. An automated script "kiddie" if you will, will only look for well known ports. An actual human that knows what they are doing will look for all 65k ports.
If that works for you, great. It doesn't work for the web side of the gov org I support.
I wouldn't expect any government organization to even allow public-facing ssh access. The last such I worked with used VPN and real-time key* authentication.
*a fob one carried that displayed a login key that changed every 30 seconds. I'm not sure what that was called, but we had to use it every time we logged in, on-site or remotely.
They don't allow SSH access except through a VPN. I was mainly talking about web hosting: web app owners and web site owners frequently tell us they can hide assets or host the admin page on another port, etc. We tell them security through obscurity is not a valid risk mitigation methodology...
RSA key fobs, used to use those! I use 2 factor all the time now, even personally: google authenticator and yubikey.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Strange SSHd log on Debian 10 (VPS)
