[SOLVED] using GUI UFW RULE TO BLOCK ALL IN/OUT SSH PORT 22 REQUESTS PLEASE HELP!
looked at MY THREADS AND ALL OF THEM ARE LISTED EXCEPT THIS ONE. I KNOW OTHERS CAN SEE THIS THREAD. DID I SOMEHOW POST THIS WRONG AND THAT'S WHY IT DOESN'T SHOW ON THE "MY THREADS" LIST?
ok so if I create a ufw rule to block ALL Inbound/outbound ssh requests on port 22, IS THIS AS GOOD AS CHANGING ALL THE SSH PASSWORDS OR USING KEYS?
basically what i am asking is: am I secure using the firewall to block ssh in this way, or should i create keypairs for all my accounts (root/user/guest etc.) and do it that way because it is more secure than using the UFW?
i have checked the AUTH.LOG and see NO FAILED ATTEMPTS FROM ANY IP ADDRESS IN THE LAST 3 days.
please help!
Last edited by akiras rain; 12-26-2015 at 04:32 PM.
Reason: comment on AUTH.log and this thread isn't listed under MY THREADS
Blocking port 22 disables ssh access to the default port. If the ssh daemon listens on a different port, it's not blocked. In this sense, it's not the same as setting up keys or passwords, or disabling the service.
Quote:
Originally Posted by berndbausch
Blocking port 22 disables ssh access to the default port. If the ssh daemon listens on a different port, it's not blocked. In this sense, it's not the same as setting up keys or passwords, or disabling the service.
ok so what if i modify my ufw rule to not allow ANY port to work for SSH?
I might be wrong, but I doubt that ufw knows or cares for the program that listens on a port. You can use ufw to block ports, but you can't use it to block ports for a certain service.
Again, the recommendation is several layers of defense, e.g. block the port and disable the ssh service.
"PLEASE HELP"? Stop with the CAPS typing please. It is CONSIDERED YELLING AND RUDE.
1. ssh Keys first and foremost.
2. Don't allow root access via /etc/ssh/sshd_config
3. Don't allow passwords via /etc/ssh/sshd_config
4. Prohibit/limit ssh access via "wrappers"
5. ufw (Default rules are fine for the average home user)
If you are behind a router, most of this is an exercise.
What ssh are you trying to defend? Server or Desktop? Physical or Virtual?
sorry about the caps. i am having trouble editing the sshd_config file
Quote:
Originally Posted by Habitual
1. ssh Keys first and foremost.
2. Don't allow root access via /etc/ssh/sshd_config
3. Don't allow passwords via /etc/ssh/sshd_config
4. Prohibit/limit ssh access via "wrappers"
5. ufw (Default rules are fine for the average home user)
If you are behind a router, most of this is an exercise.
What ssh are you trying to defend? Server or Desktop? Physical or Virtual?
so I can open the sshd_config file but when i try to save it it doesn't work. Is there a command in the terminal i can use that just disables SSH entirely from working at all?
Yes, turn it off or remove it.
How would you then access the server?
this is not a server setup it is a desktop OS setup. i unfortunately am just starting to burrow into the giant wood house that is linux
so i am a newb. i don't have a server running yet but i feel like if i could secure a linux desktop well i would at least have a chance at having so so server security when i do that in future.
Quote:
Originally Posted by Habitual
Disable all ssh requests to port 22 using ufw
Code:
sudo ufw deny ssh   # "ufw disable" takes no argument (it turns the whole firewall off); "deny ssh" blocks port 22
Allow "MY_IP" to use ssh via ufw
Code:
sudo ufw allow from MY_IP/32 to any port 22
"MY_IP" is your home/desktop/other/safe/computer's ip address.
Code:
curl icanhazip.com
for what you should use for MY_IP/32
If you solely want to turn off ssh
Code:
service ssh stop
or similar...
Warning: How would you then access the server?
If you don't know enough that /etc/ssh/sshd_config is only writable by a privileged user, should you really be attempting this exercise?
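A worked version of the advice in this thread, as an added example that is not code from any of the posters: items 1 to 3 of Habitual's list (keys only, no root login, no passwords) applied to an sshd_config file from the terminal, plus the ufw allow/deny pair generated from the port sshd is actually configured to listen on, which is berndbausch's point that ufw filters by port and not by program. It edits whatever file path you hand it, so run it on a scratch copy first; the real /etc/ssh/sshd_config is root-owned, which is why saving it from an unprivileged editor fails, and needs sudo. The file paths, the sample config contents and the address 203.0.113.5 are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread. Hardens a copy of sshd_config the way
# the replies above recommend (keys only, no root login, no passwords) and prints
# ufw rules that match the port sshd is configured to listen on.
# Assumed/constructed: the FILE paths, the sample config below, the address 203.0.113.5.

# sshd honours the FIRST matching directive, and Match blocks are conditional
# overrides, so the global value is the first active line before any Match.
# Usage: sshd_config_get FILE KEY   (prints the value, or nothing if unset)
sshd_config_get() {
    awk -v key="$2" '
        /^[ \t]*#/                  { next }            # comment line
        tolower($1) == "match"      { exit }            # past the global section
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Set KEY to VALUE globally: rewrites the first active or commented copy in the
# global section, drops later global duplicates (so nothing can shadow the new
# value), inserts before the first Match block if needed, else appends.
# Writes through the original inode so root ownership and mode survive.
# Usage: sshd_config_set FILE KEY VALUE
sshd_config_set() {
    file="$1"; key="$2"; value="$3"
    tmp="$(mktemp)" || return 1
    awk -v key="$key" -v value="$value" '
        BEGIN { done = 0; inmatch = 0 }
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)            # drop indentation and a leading #
            split(line, f, /[ \t]+/)
            word = tolower(f[1])
            active = ($0 !~ /^[ \t]*#/)
            if (active && word == "match") {
                if (!done) { print key " " value; done = 1 }
                inmatch = 1
            }
            if (!inmatch && word == tolower(key)) {
                if (!done) { print key " " value; done = 1 }
                next                                    # drop duplicates and commented copies
            }
            print $0
        }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Items 1-3 of the list above, as config directives.
# Usage: harden_sshd_config FILE
harden_sshd_config() {
    sshd_config_set "$1" PermitRootLogin no &&
    sshd_config_set "$1" PasswordAuthentication no &&
    sshd_config_set "$1" PubkeyAuthentication yes
}

# ufw filters by port, not by program, so derive the port from sshd_config
# (default 22 when Port is unset). The allow rule is printed first: ufw
# evaluates rules in order and the first match wins, so a deny placed first
# would also block MY_IP.
# Usage: ufw_ssh_rules FILE MY_IP
ufw_ssh_rules() {
    port="$(sshd_config_get "$1" Port)"
    port="${port:-22}"
    printf 'sudo ufw allow from %s/32 to any port %s proto tcp\n' "$2" "$port"
    printf 'sudo ufw deny %s/tcp\n' "$port"
}

# Constructed sample resembling a stock Debian/Ubuntu sshd_config.
# Usage: write_sample_config FILE
write_sample_config() {
    printf '%s\n' \
        '#Port 22' \
        '#PermitRootLogin prohibit-password' \
        'PasswordAuthentication yes' \
        '#PubkeyAuthentication yes' \
        'Match User backup' \
        '    PasswordAuthentication yes' > "$1"
}

# Stand-alone demo on a scratch file:  sh harden-ssh.sh demo
if [ "${1:-}" = demo ]; then
    f="$(mktemp)"
    write_sample_config "$f"
    harden_sshd_config "$f"
    cat "$f"
    ufw_ssh_rules "$f" 203.0.113.5
    rm -f "$f" "$f.bak"
fi
```

Once you are happy with the result on a scratch copy, the same functions work on the real file under sudo; check the edited file with `sudo sshd -t` before restarting the service, and note that the script only rewrites the first Port directive, so a config that lists several Port lines needs a ufw rule per port.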
ok this is a total reversal on this thread but how would i try to login to ssh on my linux pc?
before reading below i found why i can't sign in to either linux pc
I used your command "sudo apt-get remove openssh-server"
and it's not installed on either linux pc! D'OH! "homer simpson"
well from this i have learned a valuable lesson when trying to secure my pc. make sure the thing i am trying to protect is actually on my system in the 1st place!
lol
OK so i know this is the exact opposite of what i've been asking on this thread but
i figure what better way to test if i am protected than to try and sign in remotely with ssh myself! on my own network from a different linux pc i tried the
command in the terminal "ssh 192.168.1.xxx"
then from the computer itself i tried "ssh 127.0.0.1"
for both these i get "connection refused port 22"
now i turned the firewall off and I STILL get "connection refused port 22"
why would it refuse me if the firewall is set to OFF??
Quote:
Originally Posted by Habitual
telnet the client, or telnetd the daemon?
You don't need a ufw rule for using the telnet client utility and NEVER run the telnet daemon.
telnet signin? wtf is that?
Last edited by akiras rain; 01-01-2016 at 11:17 AM.
Reason: ok found the issue!