SSH concerns

k++

I have had repeated attempts to SSH into my home machine for a while from the Taiwanese National Chiao Tung University. Attempting many many different passwords for root and I have lost count of the number of usernames they have attempted.

Regarding the Taiwanese university would it be worth reporting this to the administrator, using the information from whois?

I'm sure, given times and dates they could narrow down the user but unsure about whether they would actually do anything about it.

I appreciate this happens very frequently, to most if not all people running ssh but I hate the idea of someone trying to login to MY computer.

Is there anything else I could do to secure it? I'm using the latest version of Tiger, and my passwords are a minimum of 16 characters. The only thing that comes to mind right now is changing the port from 22.

Cheers
 
P.S.

A port scan of my IP reveals that ssh is running on 22. Is there any way to prevent a port scan?
 
Disconnect from the internet. No really, that's pretty much the only way.

Unless you need to use SSH from the outside world, you could always just block it - or at least, block the IP range that university has.
 
Have you got nmap installed?

You can use that to port scan. Obviously it's a bit silly checking from inside your network though.

I get the same thing: I have sshd and FTP running, and I get hammered with hundreds of hits trying to gain access from all over. Running WinXP here - is there any way to prevent this other than, say, port-knocking?
 
No nmap at home, I'm using a computer at uni right now. I often check the security logs over ssh, to make sure there isn't a successful login that isn't from myself.

I could live without sshd running, but it's really very useful, especially copying uni work back and forth depending where I'm at.
 
Easiest way to stop the majority of unwanted connections is just to change to a non-standard port. You should also set it so that you can't log directly in as root, and set it so that if a login attempt fails after a few attempts it automatically blocks access from that IP.

The alternative would be, if you only access it from uni, to find out what their IP is and only allow SSH connections from that address.
 
Mmm, in that case, if you only use it from uni, you could deny all and allow just the uni's IP block access?

Great idea, I'll find out how to do it when I get home.

andshrew said:
Easiest way to stop the majority of unwanted connections is just to change to a non-standard port. You should also set it so that you can't log directly in as root, and set it so that if a login attempt fails after a few attempts it automatically blocks access from that IP.

The alternative would be, if you only access it from uni, to find out what their IP is and only allow SSH connections from that address.

I like this multiple failed attempts = no more access. There have been times when I have needed access from outside of university, so blocking all but a range of IPs will cause problems.

My user account, like all default user accounts in Mac OS X, is an administrator. I went through a period of limiting my account and had a separate account for root stuff. I had problems installing opencv recently so reverted back to a single administrator account.
Now it's installed there may not be any problems.

Thanks :)
 
As above, I have found that changing the port SSH runs on, disabling root login and setting max login attempts to 2-3 pretty much stops these kinds of brute force attacks.
 
I use denyhosts on my Ubuntu machine - used to get hammered with requests and the amount of IPs being added to hosts.deny was rather amazing, but then I changed sshd to run on 443 so I could access it through my school's firewall ;)
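
The "few failed attempts, then block that IP" idea discussed in this thread, together with the manual check for unexpected successful logins, as an added example that is not part of any post and is not denyhosts' own code. The log lines, addresses and usernames are constructed, and the threshold of 3 is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH sshd log format.
SAMPLE_LOG = """\
Mar  3 02:14:01 host sshd[811]: Failed password for root from 203.0.113.5 port 40022 ssh2
Mar  3 02:14:03 host sshd[811]: Failed password for root from 203.0.113.5 port 40022 ssh2
Mar  3 02:14:06 host sshd[813]: Failed password for invalid user admin from 203.0.113.5 port 40031 ssh2
Mar  3 02:14:09 host sshd[815]: Failed password for invalid user test from 203.0.113.5 port 40040 ssh2
Mar  3 08:30:12 host sshd[901]: Failed password for alice from 198.51.100.7 port 51500 ssh2
Mar  3 08:30:20 host sshd[901]: Accepted password for alice from 198.51.100.7 port 51500 ssh2
"""

# The username is chosen by the remote client and may contain spaces, so the
# greedy (.*) plus the end-of-line anchor take the address from the final
# "from <ip> port <n> ssh2", which sshd itself writes.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")


def summarize(log_text):
    """Return (failures per IP, usernames tried per IP, accepted logins)."""
    failures, users, accepted = Counter(), {}, []
    for line in log_text.splitlines():
        failed = FAILED.search(line.rstrip())
        if failed:
            user, ip = failed.groups()
            failures[ip] += 1
            users.setdefault(ip, set()).add(user)
            continue
        ok = ACCEPTED.search(line)
        if ok:
            accepted.append(ok.groups())
    return failures, users, accepted


def deny_lines(failures, threshold=3, allowlist=()):
    """hosts.deny entries for every address at or above the failure threshold."""
    return [f"sshd: {ip}" for ip, count in sorted(failures.items())
            if count >= threshold and ip not in allowlist]


if __name__ == "__main__":
    failures, users, accepted = summarize(SAMPLE_LOG)
    print("\n".join(deny_lines(failures)))
    for user, ip in accepted:  # the check the thread starter does by hand
        print(f"accepted login: {user} from {ip}")
```

The allowlist argument keeps an address you log in from yourself out of the deny list after a few mistyped passwords.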
 