  1. #11
    Linux Guru bigtomrodney
    Join Date
    Nov 2004
    Location
    Ireland
    Posts
    6,133

    That's excellent guys, thanks for all of your suggestions. I will be running through this stuff tonight!

  2. #12
    Just Joined!
    Join Date
    Feb 2007
    Posts
    6

    secure ssh with pam-abl

    Another good way to sleep well is to use pam-abl to protect ssh from brute force attack. Works perfectly for all my ubuntused machines.

  3. #13
    Linux Newbie felipe1982
    Join Date
    Oct 2006
    Posts
    164
    Quote Originally Posted by Krendoshazin
    disable ssh to all accounts that don't need it, especially remote root login................
    curious to know how this is done. I'd like to make ALL USERS BANNED except ones I explicitly add to a "list"

  4. #14
    Just Joined!
    Join Date
    Feb 2007
    Posts
    6
    Quote Originally Posted by felipe1982
    curious to know how this is done. I'd like to make ALL USERS BANNED except ones I explicitly add to a "list"
    Quite easy. Just edit /etc/ssh/sshd_config. Set PermitRootLogin to no and add the parameter AllowUsers user1 user2 user3.
    ____________
    My humble vista and linux comparison.

  5. #15
    Super Moderator Roxoff
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,882
    Turn off all password access, force users to log-on with an rsa2 key, and carry yours on a usb pen drive or summat like that.

    Don't use port 22, pick a random one, change it occasionally if you're feeling nervous.

    If you always log in from the same place and that place has a static IP address, use your iptables firewall rules to deny access to anyone on your SSH port unless they're connecting from that address.

    In fact, this last one is so good, that I use it and run my ssh server on port 22!
    Linux user #126863 - see http://linuxcounter.net/
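
An added example, not part of any post in this thread: a small Python check of an sshd_config against the settings suggested in posts #14 and #15 (PermitRootLogin no, an AllowUsers list, password logins off). The sample config and the function names are constructed for illustration, and the check reads only the global section, before any Match block.

```python
import re

# Constructed sample config (not from the thread).
SAMPLE_CONFIG = """\
# /etc/ssh/sshd_config
Port 22
PermitRootLogin no
PasswordAuthentication yes
permitrootlogin yes
AllowUsers user1 user2
AllowUsers user3
Match Address 192.0.2.0/24
    PasswordAuthentication no
"""

def global_settings(text):
    """Map lower-cased keyword -> argument list for the global section."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or '='.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()              # keywords are case-insensitive
        args = parts[1].split() if len(parts) > 1 else []
        if key == "match":
            break                           # the rest applies conditionally
        if key == "allowusers":
            settings.setdefault(key, []).extend(args)  # these lines accumulate
        else:
            settings.setdefault(key, args)  # first value obtained wins
    return settings

def first(settings, key):
    vals = settings.get(key)
    return vals[0].lower() if vals else None

def audit(text):
    """Return findings for settings that are unset or not as recommended."""
    s = global_settings(text)
    findings = []
    if first(s, "permitrootlogin") != "no":
        findings.append("PermitRootLogin is not 'no'")
    if first(s, "passwordauthentication") != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if not s.get("allowusers"):
        findings.append("no AllowUsers list in the global section")
    return findings
```

In the sample, the later `permitrootlogin yes` is ignored because sshd uses the first value it reads for a keyword, and the `Match` block turns passwords off only for one subnet, so the global password setting is still reported.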

  6. #16
    Just Joined!
    Join Date
    Feb 2007
    Posts
    6
    Quote Originally Posted by Roxoff
    Turn off all password access, force users to log-on with an rsa2 key, and carry yours on a usb pen drive or summat like that.
    That's not always applicable. For example if it is a public hosting server. It's not quite easy to explain to everyone how to use the keys.

    Quote Originally Posted by Roxoff
    Don't use port 22, pick a random one, change it occasionally if you're feeling nervous.
    Too much of panic. Won't help really, if someone truly wants to hack your machine.

    Quote Originally Posted by Roxoff
    If you always log in from the same place and that place has a static IP address, use your iptables firewall rules to deny access to anyone on your SSH port unless they're connecting from that address.
    Yes good variant, but may bring a serious problem in emergency situation, if you're in a different place or occasional IP change. I'd recommend to use libpam-abl with a white rule to your basic IP, and with a very strong rule for any other.

    ____________
    My XFCE 4.4.0 ubuntu backports repository.

  7. #17
    Super Moderator Roxoff
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,882
    Quote Originally Posted by Rommidze
    That's not always applicable. For example if it is a public hosting server. It's not quite easy to explain to everyone how to use the keys.
    Yeah, but if it isn't a public server, maybe for instance, bigtomrodney's private server, then this might be a good idea... It ups the security level by several thousand percent.
    Quote Originally Posted by Rommidze
    Too much of panic. Won't help really, if someone truly wants to hack your machine.
    lol, if someone truly wants to hack your machine they'll not be put off no matter what you do. You're not stopping those people, you're stopping those nobends that are looking to compromise any computer they can. This tells them you're too much trouble and to bugger off elsewhere.

    Quote Originally Posted by Rommidze
    Yes good variant, but may bring a serious problem in emergency situation, if you're in a different place or occasional IP change. I'd recommend to use libpam-abl with a white rule to your basic IP, and with a very strong rule for any other.
    Or if none of that applies, then why not just limit access from your single IP address. Maybe you could have just made this suggestion without being so critical? At the last two companies I worked for (my current employer, 18 months, and their gateway IP hasn't changed, my previous employer 11 yrs and their gw IP never changed), they never changed their IP in an 'emergency' - only once where they used a different external IP for one day while they put in a new firewall...
    Linux user #126863 - see http://linuxcounter.net/

  8. #18
    Just Joined!
    Join Date
    Feb 2007
    Posts
    6
    Quote Originally Posted by Roxoff
    At the last two companies I worked for (my current employer, 18 months, and their gateway IP hasn't changed, my previous employer 11 yrs and their gw IP never changed), they never changed their IP in an 'emergency' - only once where they used a different external IP for one day while they put in a new firewall...
    I have to get access to servers from home. My home ADSL IP is changing every 24 hrs. I can restrict access only to my IP subnet, but I see brute force attempts from the same subnet (I think spywared machines).

  9. #19
    Linux Guru smolloy
    Join Date
    Apr 2005
    Location
    CA, but from N.Ireland
    Posts
    2,414
    Quote Originally Posted by Rommidze
    I have to get access to servers from home. My home ADSL IP is changing every 24 hrs. I can restrict access only to my IP subnet, but I see brute force attempts from the same subnet (I think spywared machines).
    Maybe you could report those IP addresses to your ISP (since they seem to have the same ISP as you). That way you might get them to clean up their act, and do us all a favour in the process!
    Registered Linux user #388328 || Registered LFS user #15880
    AMD 64 X2 4600+ :: 2X1GB DDR2 800 :: GeForce 9400 GT 512MB :: ASUS M2N32 Deluxe :: 4X250GB SATAII
    Need instant help? Try us on IRC -- #linuxforums on freenode

  10. #20
    Just Joined!
    Join Date
    Feb 2007
    Posts
    6
    Quote Originally Posted by smolloy
    Maybe you could report those IP addresses to your ISP (since they seem to have the same ISP as you). That way you might get them to clean up their act, and do us all a favour in the process!
    I've tried. Zero result. The thousands of trojaned windows machines connected to the internet via high speed broadband... That's not the US. That's Russia. The laws and rules do not work. I'm even receiving brute force attacks to my home machine. The IP of the attacker seems to be from the near house. What do I have to do? To go there and to kick the face of the dummy user watching porno.exe received by him via e-mail?
