looked at MY THREADS AND ALL OF THEM ARE LISTED EXCEPT THIS ONE> I KNOW OTHERS CAN SEE THIS THREAD DID I SOMEHOW POST THIS WRONG AND THAT'S WHY IT DOESN'T SHOW ON THE "MY THREADS LIST"?


ok so if I create a ufw rule to block ALL Inbound/outbound ssh requests on port 22. IS THIS AS GOOD AS CHANGING ALL THE SSH PASSWORD OR USING KEYS.

basically what i am asking is am I secure using the firewall to block ssh in this way or should i create keypairs for all my accounts root/user/guest etc and do it that way because it is more secure than using the UFW?????

i have checked the AUTH.LOG and see NO FAILED ATTEMPTS FROM ANY IP ADDRESS IN THE LAST 3 days......



please help!

Blocking port 22 disables ssh access to the default port. If the ssh daemon listens on a different port, it's not blocked. In this sense, it's not the same as setting up keys or passwords, or disabling the service.

The usual recommendation is to have several defense layers. Read this post about securing network services: http://www.linuxquestions.org/questi...1/#post2122954.

See https://help.ubuntu.com/community/UFW

ok so what if i modify my ufw rule to not all ANY port to work for SSH??

I think it's as simple as

I might be wrong, but I doubt that ufw knows or cares for the program that listens on a port. You can use ufw to block ports, but you can't use it to block ports for a certain service.

Again, the recommendation is several layers of defense, e.g. block the port and disable the ssh service.

1. ssh Keys first and foremost.
2. Don't allow root access via /etc/ssh/sshd_config
3. Don't allow passwords via /etc/ssh/sshd_config
4. Prohibit/limit ssh access via "wrappers"
5. ufw (Default rules are fine for the average home user)

If you are behind a router, most of this is an exercise.

What ssh are you trying to defend? Server or Desktop? Physical or Virtual?

so I can open the sshd_config file but when i try to save it it doesn't work. Is there a command in the terminal i can use that just disables SSH entirely from working at all?

Yes, turn it off or remove it.
How would you then access the server?

Disable all ssh requests to port 22 using ufw
Allow "MY_IP" to use ssh via ufw
"MY_IP" is your home/desktop/other/safe/computer's ip address.
for what you should use for MY_IP/32

If you solely want to turn off ssh
or similar...



If you don't know enough that /etc/ssh/sshd_config is only writable by a privileged user, should you really be attempting this exercise?

this is not a server setup it is a desktop OS setup. i unfortunately am just starting to burrow into the giant wood house that is linux

so i am a newb. i don't have a server running yet but i feel like if i could secure a linux desktop well i would at least have a chance at having so so server security when i do that in future.

you could either tell ufw to not allow ssh using:
or you could stop the ssh service deamon using:
or remove the ssh server daemon software using:
Your choice.

OK excellent i am just going to stop that service. can i do the same for the telnet signin service? i have telnet blocked on the UFW as well.

telnet the client, or telnetd the daemon?

You don't need a ufw rule for using the telnet client utility and NEVER run the telnet daemon.
telnet signin? wtf is that?

before reading below i found why i can't signin to either linux pc

I used your command "sudo apt-get remove openssh-server"

and it's not installed on either linux pc! DOLP! "homer simpson"

well from this i have learned a valuable lesson when trying to secure my pc. make sure the thing i am trying to protect is actually on my system in the 1st place!




lol

OK so i know this is the exact opposite of what i've been asking on this thread but

i figure what better way to test if i am protected than to try and sign in remotely with ssh myself! on my own network from a different linux pc i tried the
command in the terminal "ssh 192.168.1.xxx"

then from the computer itself i tried "ssh 127.0.0.1"

for both these i get "connection refused port 22"

now i turned the firewall off and I STILL get "connection refused port 22"

why would it refuse me if the firewall is set to OFF??