Questions concerning Security Log - moving ssh port

Andy Green andy at warmcat.com
Fri Apr 8 08:33:07 UTC 2005


Paul Howarth wrote:

| belongs to which "actual" user. Using suitably strong passwords (or
| certificates) is probably a better fix.

Another trick to avoid these automated ssh scripts is to move off port
22.  (Don't use 12345; pick a random port.)

Edit the line near the top of /etc/ssh/sshd_config

Port 12345

and

iptables -I INPUT -p tcp --dport 12345 -j ACCEPT

or

iptables -I INPUT -p tcp --dport 12345 -s 192.168.0.0/16 -j ACCEPT
(This only allows connections from 192.168.*.*; don't use it if your IP
might change subnet, e.g. a cable-modem user, or you might get locked out
of your server!)


on the command line, and copied to /etc/rc.local (or apparently service
iptables save, but I am too crunchy to have tried that),

and

service sshd restart


and voilà, port 22 is closed and uninterested in evil scripts, and port
12345 is where your ssh is.  Using the alternative port is marginally
more grief:

ssh -p 12345 user@host

scp -P 12345 user@host:/path destination

(Note the capital P on the scp switch.)

-Andy
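The procedure in Andy's post, scripted as an added example that is not code from the original message: it rewrites the Port line in sshd_config, prints the matching iptables rule (with the optional source-subnet restriction), and adds the checks a cautious admin wants before closing port 22, namely refusing the placeholder 12345, keeping a backup of the config, and running `sshd -t` before any restart. The function names, the `apply` entry point and the backup-file naming are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from Andy's post: it scripts the procedure he
# describes (new Port in sshd_config, matching iptables rule) and adds the
# checks a cautious admin wants before closing port 22. The function names,
# the "apply" entry point and the backup-file naming are this example's own.

# valid_port PORT: succeed only for an unprivileged port 1024..65535 that is
# not the post's placeholder 12345 (scanners know the obvious ones too).
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1024 ] && [ "$1" -le 65535 ] && [ "$1" -ne 12345 ]
}

# random_port: print a random acceptable port, for those who will not pick
# one by hand (od on /dev/urandom keeps this plain sh, no $RANDOM needed).
random_port() {
  while :; do
    p=$(( 1024 + $(od -An -N2 -tu2 /dev/urandom | tr -d ' ') % 64512 ))
    if valid_port "$p"; then
      printf '%s\n' "$p"
      return 0
    fi
  done
}

# set_sshd_port CONFIG PORT: rewrite CONFIG so exactly one "Port PORT" line
# remains. The first Port line, active or commented out, is replaced in
# place, later ones are dropped, and one is appended if none existed. The
# rewrite goes through a temporary file so a failure never empties CONFIG.
set_sshd_port() {
  cfg=$1
  port=$2
  valid_port "$port" || return 1
  tmp="$cfg.tmp.$$"
  awk -v port="$port" '
    /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+/ {
      if (!done) { print "Port " port; done = 1 }
      next
    }
    { print }
    END { if (!done) print "Port " port }
  ' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# firewall_rules PORT [SUBNET]: print the iptables command that opens PORT,
# restricted to SUBNET if one is given (the post's second variant). Printed
# rather than executed so it can be reviewed, saved to /etc/rc.local, or
# piped to sh.
firewall_rules() {
  port=$1
  subnet=${2:-}
  src=""
  if [ -n "$subnet" ]; then
    src=" -s $subnet"
  fi
  printf 'iptables -I INPUT -p tcp --dport %s%s -j ACCEPT\n' "$port" "$src"
}

# Entry point: "sh move_sshd_port.sh apply [PORT] [SUBNET]" as root. The
# firewall is opened before sshd is reconfigured, a backup of the config is
# kept, and the restart is left to you: keep this session open, restart in
# it, and confirm "ssh -p PORT" works from a second terminal before you
# drop any rule that still accepts port 22.
case "${1:-}" in
  apply)
    cfg=/etc/ssh/sshd_config
    port=${2:-$(random_port)}
    valid_port "$port" || { echo "refusing port $port" >&2; exit 1; }
    firewall_rules "$port" "${3:-}" | sh
    cp "$cfg" "$cfg.bak.$$"
    set_sshd_port "$cfg" "$port"
    sshd -t || { echo "sshd rejects the new config; backup at $cfg.bak.$$" >&2; exit 1; }
    echo "sshd_config now says Port $port; run 'service sshd restart' and test with ssh -p $port"
    ;;
esac
```

The firewall rule is inserted before sshd_config is touched so the new port is reachable the moment sshd restarts; the old port 22 rule, if you have one, is deliberately left alone until a second session has confirmed the new port works.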
