SSH concerns

  • Thread starter Thread starter k++
  • Start date Start date

k++

k++

k++

Associate
Joined
5 Oct 2004
Posts
585
Location
London
I have had repeated attempts to SSH into my home machine for a while from the Taiwanese National Chiao Tung University. Attempting many many different passwords for root and I have lost count of the number of usernames they have attempted.

Regarding the Taiwanese university would it be worth reporting this to the administrator, using the information from whois?

I'm sure, given times and dates they could narrow down the user but unsure about whether they would actually do anything about it.

I appreciate this happens very frequently, to most if not all people running ssh but I hate the idea of someone trying to login to MY computer.

Is there anything else I could do to secure it, I'm using the latest version of Tiger, my passwords are a minimum of 16 characters. The only thing that comes to mind right now is changing the port from 22.

cheers
 
P.s

A port scan of my ip reveals that ssh is running on 22, is there anyway to prevent a port scan?
 
no nmap at home, I'm using a computer at uni right now. I often check the security logs over ssh, to make sure there isn't a successful login that isn't from myself.

I could live without sshd running, but it's really very useful, especially copying uni work back and forth depending where I'm at.
 
whitecrook said:
mmm in that case, If you only use it from UNI, you could deny all, and allow just the uni's ip block access?
Click to expand...

Great idea, I'll find out how to do it when I get home

andshrew said:
Easiest way to stop the majority of unwanted connections is just to change to a non-standard port. You should also set it so that you can't log directly in as root and set it so that if a login attempt fails after a few attempts that it automatically blocks access from that IP.

The alternative would be if you only access it from Uni find out what their IP is and only allow SSH connections from that address.
Click to expand...

I like this multiple failed attempts = no more access, there have been times when I have needed access from outside of university, so blocking all but a range of IPs will cause problems.

My user account, like all default user accounts in Mac OSX is an administrator, I went though a period of limiting my account and had a separate account for root stuff. I had problems installing opencv recently so reverted back to a single administrator account.
Now it's installed there may not be any problems.

Thanks:)
 
You must log in or register to reply here.
Back
Top Bottom