Soldato
- Joined
- 29 Dec 2009
- Posts
- 7,335
EDIT
Last edited:
See who's logged into SSH and when?
- Thread starter On Holiday
- Start date
Soldato
- Joined
- 3 Apr 2003
- Posts
- 3,938
- Location
- InterZone
/var/log/secure will tell you most of what you are looking for, doesn't record the passwords they use though. Just make sure you choose a secure password/passphrase and you shouldn't have anything to worry about.
Use grep for 'Failed password' and 'Invalid user' and you should bring your interesting info out.
Use grep for 'Failed password' and 'Invalid user' and you should bring your interesting info out.
- Joined
- 29 Dec 2009
- Posts
- 7,335
EDIT
Last edited:
on this topic, how do you guys feel about opening up your home linux to the web via SSH hidden behind just a password? Is it commonly done?
Really would like access to my home box from work but my work IP changes all the time so I can't restrict it to an IP range, so i'd be left with a bare password protecting by box.
Really would like access to my home box from work but my work IP changes all the time so I can't restrict it to an IP range, so i'd be left with a bare password protecting by box.
It's not the end of the world, better using a VPN though
It shouldn't be an issue as long as you use public key authentication. Disable PasswordAuthentication.
Keep an eye on http://www.openssh.org/list.html as well as your distro's security mailing list.
Associate
- Joined
- 19 Jan 2010
- Posts
- 561
That's a relatively new concept, which is yet to find it's way into most programs I'd believe.
However, I'd be loath to use it, as it means having to open even more ports that could potentially be exploited, unless as part of it's implementation it only opens the relevent ports for a small period of time to accomplish the 'login'.
A couple of usual things to do are:
Run your SSH server on a port other than 22.
Disable root logon via SSH
Use cryptic(ish) usernames, eg if your name is James dont use james, use something like j@m3s or something. Having to figure out your username is another level of security someone has to get through.
Run your SSH server on a port other than 22.
Disable root logon via SSH
Use cryptic(ish) usernames, eg if your name is James dont use james, use something like j@m3s or something. Having to figure out your username is another level of security someone has to get through.
From what I've read the idea is that all ports in question are closed but the failed connections are logged. Once the correct sequence is found the ssh port is opened to that ip, once a connection is made it closes again.
I use ssh for rsync which makes it difficult to use I suppose. I just turn off password authentication but the number of logged failed login attempts is scary
Soldato
- Joined
- 10 Oct 2005
- Posts
- 8,718
- Location
- Nottingham
I used to have SSH open to the Internet so I could get into my system remotely (I don't at the moment as I have no current need to do so) but I found just changing what port is forwarded through to the box from the router made all of the failed login attempts go away ... I.e. I forwarded the external port 59xxx to port 22 on the Linux box so externally I'd connect to that high numbered port instead. Of course it is security through obscurity so I still did the other things suggested too (no root login, key based authentication, etc etc) as well and had no issues for the 10 years I did it for.
A couple of good suggestions in this thread
disable root login via ssh
put sshd on a different port
use key based authentication rather than passwords
A few to add that may be worth using.
Only have an allowed user list able to ssh in rather than every account on the server
run fail2ban to ensure any attempts to brute force are quickly dealt with
disable root login via ssh
put sshd on a different port
use key based authentication rather than passwords
A few to add that may be worth using.
Only have an allowed user list able to ssh in rather than every account on the server
run fail2ban to ensure any attempts to brute force are quickly dealt with