On Mon, 15 Mar 2010 11:37:35 +0000
Paul Tansom <paul(a)aptanet.com> wrote:
** Andy Smith <andy(a)bitfolk.com> [2010-03-14 16:22]:
Hello,
This very long email is about possible pro-active measures I could
take to prevent customers being compromised by SSH dictionary
attacks. The first part is just a recap of how we got here and what
happens. If you want to make it shorter by skipping that, then skip
to line 59 which begins with "Being compromised by an SSH dictionary
attack..."
<snip>
Checking my /var/log/auth.log I realised I was getting hundreds if
not thousands of attempts to ssh into my server.
> 1) Only use strong passwords.
I have just updated my root password to something stronger (hopefully)
as a result of this thread.
> 2) Don't use passwords at all, only keys.
I set up a key for normal user ssh access right from the outset, I
didn't find it too difficult a task as there is plenty of 'help' just
a google away.
> 3) Disable root login.
Should be standard to my mind, although as has been said, a
compromised Ubuntu account has sudo access with the password that has
already been compromised.
Standard on my Debian Lenny system. I have never liked the use of
sudo with no root password as used by that other distro
> 5) Install DenyHosts or Fail2Ban.
I'd go for Fail2Ban as default personally, and it should be fairly
easy to promote this as a benefit to hosting for the less technical
customers. Those that are technical can easily disable it if
preferred - again with some good documentation :)
Installed Fail2Ban this morning and hope I have set it up correctly.
My only 'complaint' so far is that I cannot do
'tail /var/log/fail2ban.log' without having to su first. I believe there
are ways round this but haven't followed this up as yet.
> 6) Move sshd to another port.
I thought to do that as well but found it wasn't just a matter of
changing the port from 22 to summat else in /etc/ssh/sshd_config as I
couldn't then ssh in when I tested it from another terminal getting an
'unable to open port 22' error.
Thanks Andy for bringing this to our attention. 'Proper' sys-admins may
well be born knowing this sort of stuff but us dabblers
need a bit of help from time to time.
One of these days I must have another go at using the spam filtering you
supply but don't want to end up giving you grief as I did last time ;-(
--
John Lewis
Debian & the GeneWeb genealogical data server
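As an added illustration of the checklist discussed in this thread (not code from the list or from any poster), the following POSIX shell script audits an sshd_config for the three settings the thread covers: root login (point 3), password versus key authentication (point 2) and the listening port (point 6). The sample configs it writes to a temp directory are constructed for the example, and the defaults it assumes when a keyword is absent (PermitRootLogin yes, PasswordAuthentication yes, Port 22) are those of OpenSSH 5.x as shipped in 2010; later releases changed the PermitRootLogin default.

```shell
#!/bin/sh
# Constructed example for the sshd hardening points in the thread; not the
# list's own code. Sample configs below are made up for the demonstration.

# Effective value of an sshd_config keyword: sshd uses the first occurrence,
# keyword matching is case-insensitive, and '#' lines are comments. $3 is
# the default assumed when the keyword is absent (OpenSSH 5.x era defaults).
# Match blocks are not handled; this reads the global section only.
sshd_opt() {
    val=$(grep -i "^[[:space:]]*$2[[:space:]]" "$1" | head -n 1 | awk '{print $2}')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# Print one line per finding; the last line is always "weak=N".
audit_sshd_config() {
    cfg=$1; weak=0
    root=$(sshd_opt "$cfg" PermitRootLogin yes)
    pass=$(sshd_opt "$cfg" PasswordAuthentication yes)
    port=$(sshd_opt "$cfg" Port 22)

    case $(printf '%s' "$root" | tr 'A-Z' 'a-z') in
        no) echo "ok   PermitRootLogin=$root" ;;
        *)  echo "WEAK PermitRootLogin=$root (point 3: disable root login)"
            weak=$((weak+1)) ;;
    esac
    case $(printf '%s' "$pass" | tr 'A-Z' 'a-z') in
        no) echo "ok   PasswordAuthentication=$pass" ;;
        *)  echo "WEAK PasswordAuthentication=$pass (point 2: keys only)"
            weak=$((weak+1)) ;;
    esac
    # Moving the port is optional; the note records what the thread's poster
    # hit: after changing Port, sshd must be restarted and clients must use
    # 'ssh -p PORT', otherwise they still try 22.
    if [ "$port" = 22 ]; then
        echo "note Port=22 (point 6 optional; restart sshd and connect with ssh -p PORT after changing)"
    else
        echo "ok   Port=$port"
    fi
    echo "weak=$weak"
}

# Constructed sample configs written to a temp directory.
TMP=$(mktemp -d)
WEAK_CFG=$TMP/weak.conf
HARD_CFG=$TMP/hard.conf
cat > "$WEAK_CFG" <<'EOF'
# stock-looking config: nothing set, so sshd defaults apply
Port 22
#PermitRootLogin no
EOF
cat > "$HARD_CFG" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF

audit_sshd_config "$WEAK_CFG"
audit_sshd_config "$HARD_CFG"
```

Run it against /etc/ssh/sshd_config on a real host by replacing the sample path; the commented-out `#PermitRootLogin no` line in the weak sample shows why the audit must ignore comments rather than trusting that a keyword merely appears in the file.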