break-in attempt in my machine

Karl Auer kauer at biplane.com.au
Sat Aug 27 11:58:05 UTC 2016


On Sat, 2016-08-27 at 12:54 +0200, Volker Wysk wrote:
> This already goes on like this since yesterday. For me, this looks
> like someone tries to break in my machine via SSH, by trying many
> possible passwords.

Almost certainly yes.

Having ssh open to the world is better than having most other things
open to the world, but there are quite a few things you can do to make
a successful attack less likely. In order of goodness:

1: Turn off password access; require a publickey login.

2: Move ssh to a different port. Choose a random number between 1024
and 65000 and put ssh on that port.

3: Turn off ssh access for any accounts on your system that do not need
it.

4: If you only need external access for certain commands, lock ssh down
to permitting only those commands.

5: If you will only be logging in from a limited set of other systems,
allow ssh logins only from those addresses (or subnets).

6: If you know you will only be logging in at certain times of the day
or on certain days, turn off ssh access outside those times.

7: If you are IPv6 capable, turn off IPv4 access.

8: Consider setting up something like fail2ban, which will blacklist
the IP address of anyone who tries (and fails) too frequently.

9: Consider setting up portknocking.

> My password is in no dictionary

Don't bet on that.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
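
One way to check an existing sshd_config against items 1, 2, 3, 5 and 7 of the list in the message above. This is an added example, not part of the original message. It assumes only the global section matters (Match blocks are flagged, not evaluated), that Include files are not followed, and the sample configs and the user "alice" are constructed.

```python
import re

# Constructed samples (not from the post); alice and 2001:db8:: are placeholders.
WEAK = "Port 22\nPasswordAuthentication yes\n"
HARDENED = ("Port 48213\nAddressFamily inet6\nPasswordAuthentication no\n"
            "AllowUsers alice@2001:db8:1::/48\n")
DEFAULTS = {"port": ["22"], "passwordauthentication": ["yes"], "addressfamily": ["any"]}
MULTI = {"port", "allowusers", "allowgroups"}  # keywords whose values accumulate

def parse_global(text):
    """Return {keyword: [values]} for the lines before the first Match block."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Keyword value" and "Keyword=value" are both accepted spellings.
        parts = re.split(r"[ \t]*=[ \t]*|[ \t]+", line, maxsplit=1)
        key, vals = parts[0].lower(), (parts[1].split() if len(parts) > 1 else [])
        if key == "match":
            seen["match"] = vals  # conditional blocks are not evaluated here
            break
        if not vals:
            continue
        if key in MULTI:
            seen.setdefault(key, []).extend(vals)
        else:
            seen.setdefault(key, vals)  # sshd keeps the first value it reads
    return seen

def audit(text):
    """Return findings, numbered after the list items in the message."""
    cfg = {**DEFAULTS, **parse_global(text)}
    users = cfg.get("allowusers", [])
    checks = [
        (cfg["passwordauthentication"][0].lower() != "no",
         "item 1: PasswordAuthentication is not 'no'"),
        ("22" in cfg["port"], "item 2: sshd listens on default port 22"),
        (not (users or cfg.get("allowgroups")),
         "item 3: no AllowUsers/AllowGroups restriction"),
        (not any("@" in u for u in users),
         "item 5: no user@host pattern in AllowUsers"),
        (cfg["addressfamily"][0].lower() != "inet6",
         "item 7: AddressFamily is not 'inet6'"),
        ("match" in cfg, "Match block present: review it by hand"),
    ]
    return [msg for failed, msg in checks if failed]

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(sample) or "no findings")
```

On a live host, `sshd -T` prints the effective configuration, which is a more reliable input for such a check than the file alone.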






