Re: SSH hammering

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMDaniel P. Stasinski at <-
MEric \"Shubes\" at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Mike Hoy
Date:  
To: plug-discuss
Subject: Re: SSH hammering
Alan Dayley wrote:

>On Thursday 28 April 2005 06:33 am, Mike Hoy wrote:
>
>
>>Hi,
>>
>>i just set up a new server with FC3. after reading george toft's
>>presentation on security i thought it would be a good idea. i had
>>gentoo installed and probably it was being hacked all the time, i don't
>>know.
>>
>>today in my new install of FC3 i was told as root that i 'had new
>>messages', in /var/spool/mail/root
>>so i checked it out
>>somebody has been trying to ssh into my acct with all kinds of
>>usernames and apparently with no success. i'm told this is called ssh
>>hammering and i need to setup iptables. I need to get started on
>>tightening up security on this thing. My server runs a website and ssh
>>will need to be running.
>>my question: (i'm sure more to come)
>>I was told I can set ssh up so that root can only access ssh from
>>127.0.0.1. how do i go about doing that. also how can i make my
>>personal username have access to /whatever/apache/htdocs/* so I don't
>>have to be root to edit things.
>>
>>
>
>For ssh configuring, this looks like a pretty good guide:
>
>http://www.siliconvalleyccie.com/linux-hn/ssh-server.htm
>
>I have found that my dsl connection drops and changes my IP so much that
>doing RSA keys, while more secure, was too painful (How to is explained
>in the link above).
>
>The best thing I did to stop login hammering was move ssh operate on a
>high, non-standard port (also explained in the link above) instead of the
>default 22. Check the list of ports here:
>
>http://www.iana.org/assignments/port-numbers
>
>Choose one that is above 1024 and not used much or at all. Then you have
>to specify the port number when logging in remotely. Something like:
>
>ssh -p NNNN server.name
>
>Not too hard and the password hammers have stopped, at least for me.
>
>Alan
>---------------------------------------------------
>PLUG-discuss mailing list -
>To subscribe, unsubscribe, or to change you mail settings:
>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
thx alan actually i can't connect with ssh -p NNNN server.name
not sure why unless it's a dns thing. i have an ip only. so mine is ssh
-p NNNN user@ipaddress

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: SSH hammeringRe: Help correcting system time->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)