
Re: Questions concerning Security Log - moving ssh port




Paul Howarth wrote:

| belongs to which "actual" user. Using suitably strong passwords (or
| certificates) is probably a better fix.

Another trick to avoid these automated ssh scripts is to move off port
22.  (Don't use 12345, pick a random port)

Edit the line near the top of /etc/ssh/sshd_config

Port 12345

and

iptables -I INPUT -ptcp --dport 12345 -j ACCEPT

or

iptables -I INPUT -ptcp --dport 12345 -s 192.168.0.0/16 -j ACCEPT
(only allows connections from 192.168.*.* ... don't use if your IP might
change subnet, e.g., cable modem user, or you might get locked out of your
server!)


on the command line and copied to /etc/rc.local (or apparently service iptables save, but I am too crunchy to have tried that)

and

service sshd restart


and voila, port 22 is closed and is uninterested in evil scripts, and port 12345 is where your ssh is at. To use the alternative port it is marginally more grief:

ssh -p12345 user@host

scp -P12345 user@host:/path destination

(note capital P on SCP switch).

-Andy
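A pre-flight check for the procedure in the message above, added here as an example and not part of the original post: it reads the Port lines from an sshd_config and confirms that the saved firewall rules accept each one before sshd is restarted, since a missing rule is how the lockout happens. The function names, temporary file paths and sample contents are assumptions constructed for illustration; the rules file is assumed to be in iptables-save format, and the source restriction (-s) on a rule is not evaluated.

```shell
#!/bin/sh
# Added example: check sshd ports against firewall rules before restarting sshd.

# Print every port sshd would listen on according to config file $1.
# Keywords are case-insensitive, "Port=N" is accepted, comments are ignored,
# and a config with no Port line means the default, 22.
sshd_ports() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
        END { if (!found) print 22 }
    ' "$1"
}

# Succeed if rules file $1 (iptables-save format) has an INPUT ACCEPT rule
# for tcp destination port $2. The trailing space stops 1234 matching 12345.
port_allowed() {
    grep -E -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1" >/dev/null
}

# Report each configured port; return non-zero if any has no ACCEPT rule,
# meaning a restart of sshd could leave the host unreachable.
preflight() {
    rc=0
    for port in $(sshd_ports "$1"); do
        if port_allowed "$2" "$port"; then
            echo "ok: tcp/$port has an ACCEPT rule"
        else
            echo "MISSING: no INPUT ACCEPT rule for tcp/$port"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inputs (not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 12345' 'Protocol 2' > "$tmp/sshd_config"
printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
    '-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 12345 -j ACCEPT' \
    'COMMIT' > "$tmp/rules"
preflight "$tmp/sshd_config" "$tmp/rules" || echo "do not restart sshd yet"
rm -rf "$tmp"
```

On a live host the second argument could be the output of iptables-save written to a file, and the check would run before service sshd restart.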

