| From | Carlos Moreno <moreno_news@mailinator.com> |
|---|---|
| Newsgroups | comp.os.linux.development.apps |
| Subject | Re: Security problem |
| Date | Thu, 01 Sep 2011 11:47:14 -0400 |
| Organization | University of Waterloo |
| Lines | 51 |
| Message-ID | <j3o9eb$jk9$1@rumours.uwaterloo.ca> (permalink) |
| References | <j3jrp5$534$1@speranza.aioe.org> |

On 11-08-30 07:29 PM, jacob navia wrote:

> I have several computers that try to enter my machine via
> ssh. My log files are swamped by these people trying all
> possible user names several times a second.
>
> Is there a way to tell the ssh daemon to stop accepting more than 1
> request each minute after it fails (say) 3 times?
>
> Something like the "login" behavior?
>
> Thanks in advance for any help

Quite off-topic for this newsgroup ... But not completely unrelated to what we do here, so:

In addition to the other answer you got, I would advise:

1. Do *not* allow root login (in sshd_config, which on my systems is located at /etc/ssh/sshd_config) there is the PermitRootLogin parameter, commented out --- uncomment it and set it to *no* (you can always log in as a regular user and use sudo, or su to become root)

2. Preferably, put a list of allowed users --- the AllowUsers configuration parameter, followed by the user names. (and by all means, *do choose good passwords* for these accounts)

3. Optionally, you could run SSH on a different port; pick some number above 10000 or so, at random, and set it in the Port configuration parameter --- then, connect (if connecting from a Linux shell) with:

   ssh -p NNNNN

   (or indicate the port number at the right dialog, if using some GUI tool to connect).

Of course, do all these changes from a logged in shell *without disconnecting*, and test them to make sure that you have access to it *before you disconnect the initial login instance* (that way, if you make a mistake in the sshd_config file, you can correct it, instead of irreversibly being cut off from that machine).

Alternatively, you could schedule (with *at* from a root console) a script that restores the original sshd_config file and restarts the sshd service for, say, 10 minutes in the future --- if things go wrong, then just wait 10 minutes and log in and try again; if things go ok, then just use *atrm* to remove the scheduled job.

HTH,

Carlos
--
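
The three sshd_config changes and the test-before-disconnect / *at* rollback advice in the post above, as an added shell example that is not part of the original post. The function names `set_opt` and `harden`, the `/root/...` paths, the user name `alice`, and the `service sshd restart` command are assumptions; adjust them to the system at hand.

```shell
#!/bin/sh
# Added example, not from the original post.

# set_opt FILE KEY VALUE
# sshd keeps the first value it reads for a keyword, so the directive is
# rewritten at its first global occurrence (active, or a "#Key value"
# default), later active duplicates are dropped, and a missing keyword goes
# at the top of the file so it cannot end up inside a Match block.
set_opt() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        {
            line = $0
            commented = (line ~ /^[ \t]*#/)
            sub(/^[ \t]*#?/, "", line)    # "# prose" keeps its leading space,
            split(line, f, /[ \t=]+/)     # so f[1] is empty for prose comments
            word = tolower(f[1])
            if (word == "match" && !commented) in_match = 1
            if (word == tolower(key) && !in_match) {
                if (!done) { out[++n] = key " " value; done = 1; next }
                if (!commented) next      # shadowed active duplicate: drop it
            }
            out[++n] = $0
        }
        END {
            if (!done) print key " " value
            for (i = 1; i <= n; i++) print out[i]
        }' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?; rm -f "$tmp"; return $rc
}

# harden SRC DST PORT USER...  writes the edited copy to DST, leaves SRC alone.
harden() {
    src=$1; dst=$2; port=$3; shift 3
    cp "$src" "$dst" &&
    set_opt "$dst" PermitRootLogin no &&
    set_opt "$dst" AllowUsers "$*" &&
    set_opt "$dst" Port "$port"
}

# Going live, from a root shell that stays logged in (paths are assumptions):
#   cp /etc/ssh/sshd_config /root/sshd_config.orig
#   harden /etc/ssh/sshd_config /root/sshd_config.new NNNNN alice
#   sshd -t -f /root/sshd_config.new        # syntax check before installing
#   echo 'cp /root/sshd_config.orig /etc/ssh/sshd_config; service sshd restart' \
#       | at now + 10 minutes               # rollback job, as the post suggests
#   cp /root/sshd_config.new /etc/ssh/sshd_config && service sshd restart
#   ssh -p NNNNN alice@host                 # from a second terminal
#   atrm JOBID                              # only after the new login works
```

Settings inside an existing `Match` block are left untouched, so review those by hand if the file has any.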