SSH hacked?

[H.S.]

NoOp wrote:
> On 01/13/2009 08:45 AM, Kent Borg wrote:
> 
>> Conclusion: Moving sshd to a different port is a distraction from real
>> issues of security. (Like the old joke about the drunk looking for his
>> keys under the street light because it is easier to see there--no matter
>> that he dropped in the dark alley.)
> 
> Yeah, well if the keys are in the dark alley, it is quite unlikely that
> the drunk will find them looking under the streetlight...

I have a router machine in my home lan. I forward a few non-standard
ports to a few internal lan machines and keep port 22 for the router
machine only. Works very well. Additionally (I am jumping here in this
thread, apologies if this has already been mentioned), I also use
AllowUsers in /etc/ssh/sshd_config to restrict the usernames that are
allowed to connect via SSH. Plus, I also have an iptables line that
limits the SSH attempts using limit and busts commands. Finally, I also
have fail2ban for the router machine checking the port 22. Last, but not
the least, I have a strong passwords.

The good thing about using non-standard port *while maintaining other
precautions* for me at least is that I do not get noise in my
/var/log/auth.log file. I have never seen breakin attempts at the
non-standard ports though.

Next, a better alternative is to use passphraseless logins. That
enhances security by not requiring typing of passwords on the client
machine.


> While there are all sorts of pros/cons regarding obfuscating
> ports/services (as others have pointed out), I fail to understand your
> outright dismissal of the suggestion. Bot scripts are typically not

Some people do that and forget that there is no ideal solutions. The
best one can do is to minimize the chances of breakins. Well, standard
port does help in the case of the regular bot attempts. It may not help
if somebody is dedicated to break in to a machine, but then rest of the
precautions come in to play (as I mentioned above).



>>
>> P.S. Keeping your password secret includes not typing it on a spyware
>> loaded computer that is recording your keystrokes. That is why I don't
>> use my Windows computer at work to log into my system at home, I don't
>> think that computer is infected, but I don't trust Windows in general, I
>> use my personal Ubuntu notebook instead.
>>
> 
> Now that's just plain silly. Perhaps you should look into securing your
> Windows computer as well and looking into secure VPN's.


And/or use passphraseless SSH logins.

Regards.


-- 

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.