Changing SSH and Apache ports

Christofer C. Bell christofer.c.bell at gmail.com
Fri Dec 16 15:42:05 UTC 2005 

On 12/15/05, Dotan Cohen <dotancohen at gmail.com> wrote:
>
> I know that this won't save the system from a determined hacker, but
> thankfully I haven't been attacked by one yet. I do get a nice long
> daily log report though:
>
> And I am constantly being tried on sshd:
>     Authentication Failures:
>        unknown (63.211.110.142): 853 Time(s)
>        root (63.211.110.142): 129 Time(s)

[ . . . snipped . . . ]

>        operator (63.211.110.142): 1 Time(s)
>        rpm (202.129.48.100): 1 Time(s)
>        rpm (63.211.110.142): 1 Time(s)
>        sshd (202.129.48.100): 1 Time(s)
>     Invalid Users:
>        Unknown Account: 959 Time(s)

You may look into using the AllowUsers directive in
/etc/sshd/sshd_config.  While it won't prevent people from probing
your system, it does provide an additional level of protection against
a guessed password.  If you do set up AllowUsers, your log will end up
looking something like this instead:

**Unmatched Entries**
 User bin from 61.66.132.60 not allowed because not listed in AllowUsers
 User adm from 61.66.132.60 not allowed because not listed in AllowUsers
 User lp from 61.66.132.60 not allowed because not listed in AllowUsers
 User lp from 61.66.132.60 not allowed because not listed in AllowUsers
 User daemon from 61.66.132.60 not allowed because not listed in AllowUsers
 User ftp from 61.66.132.60 not allowed because not listed in AllowUsers
 User games from 61.66.132.60 not allowed because not listed in AllowUsers
 User gopher from 61.66.132.60 not allowed because not listed in AllowUsers
 User halt from 61.66.132.60 not allowed because not listed in AllowUsers
 User lp from 61.66.132.60 not allowed because not listed in AllowUsers
 User mail from 61.66.132.60 not allowed because not listed in AllowUsers

I suppose this is only helpful if you have accounts that have assigned
passwords that you do not want logged into via ssh remotely.

--
Chris

"I trust the Democrats to take away my money, which I can afford.  I
trust the Republicans to take away my freedom, which I cannot."

More information about the fedora-list mailing list