www.chilliwave.com

Wifi Network Distribution and Billing Server
It is currently Tue Nov 21, 2017 3:57 pm

All times are UTC - 8 hours [ DST ]




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: For those who use ssh login
PostPosted: Mon Dec 05, 2011 4:32 am 
Offline

Joined: Tue Apr 29, 2008 6:10 am
Posts: 231
Hi guys,

Recently i found a hell of a lot of attempts to login on my machine via ssh.
From the default install its wise to change the port of ssh to another port then 22, this will already save you from a lot of attempts.
To do this, find your sshd_config (normal in /etc/ssh/sshd_config) and in that file look for the port 22.
Change that to any port you like but make sure that its a port that you do not use for anything else.
Also in the same file, you can disallow root access to ssh. (#PermitRootLogin no, remove the #)

Another option is to install fail2ban, it will check you auth.log for failed login attempts and then ban the ip for 10minutes via the iptables. After 10 minutes the rule is removed again.
You can find more information about fail2ban here: www.fail2ban.org

In my case, i run two ssh deamons. The one on port 22 leads to nowhere but fail2ban.
From time to time i check the banned ip's if they are the same of any of the hotspots.
That way i can tell if a user of the hotspot is trying to get into my server.

Greetings
Steven
ps after making changes to the ssh deamon config, do not forget to restart the deamon with:
sudo /etc/init.d/ssh restart

_________________
3.4 server on proxmox + experimenting with ......


Top
 Profile  
 
 Post subject: Re: For those who use ssh login
PostPosted: Tue Dec 06, 2011 4:00 pm 
Offline
User avatar

Joined: Wed Dec 16, 2009 11:20 pm
Posts: 165
Thanks for the heads up, sounds like a good plan.

_________________
------------
Running Proxmox with ChillwaveNG (heavily modified) in VMWARE on Windows 7
------------


Top
 Profile  
 
 Post subject: Re: For those who use ssh login
PostPosted: Sun Dec 11, 2011 9:27 am 
Offline

Joined: Tue Nov 23, 2010 9:47 am
Posts: 15
Thanks

Checked my log and found similar attempts . :shock:
Installed app and its working. 8)

Also interesting to see the names they use to attempt to login. :lol:


Is there a way to monitor node/hotspot login attempts. :?:

Thanks again for that info / app.

AB

_________________
Proxmox 1.8
CW 716 Bionic


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group