break-in attempt in my machine

Kevin O'Gorman kogorman at gmail.com
Sun Aug 28 04:15:44 UTC 2016


I should add that I don't use the Linux configs to change the port.  I do
that in my router.  It does NAT (network address translation) and sends
particular incoming ports to different hosts, with a port change.  I had to
do that anyway, to allow incoming traffic at all, so I saved a step.
Inside the router, it all looks like port 22.  Come to think of it, if I do
port knocking I'll have to get the router involved in that as well or the
knocks will never be seen.

On Sat, Aug 27, 2016 at 9:10 PM, Kevin O'Gorman <kogorman at gmail.com> wrote:

> I've had a similar experience with port 22.  When I had it open, I was
> deluged with login attempts.  I switched to another port, not even a very
> random one, and it went down to zero.  And stayed there.  Now it's more
> random, and NO password gets you in without my having your public key, and
> I only take keys from my own machines, so that's never going to be the main
> attack vector.
>
> Nevertheless, I'm gonna read Karl's blog, and maybe tighten it up some
> more.  Portknocking?  sshguard?  We'll see.
>
> On Sat, Aug 27, 2016 at 6:39 PM, Karl Auer <kauer at biplane.com.au> wrote:
>
>> On Sat, 2016-08-27 at 21:58 +1000, Karl Auer wrote:
>> > Having ssh open to the world is better than having most other things
>> > open to the world, but there are quite a few things you can do to
>> > make a successful attack less likely. In order of goodness:
>>
>> Here's a blog entry with more specifics on how to do the things I
>> suggested:
>>
>> http://biplane.com.au/blog/?p=426
>>
>> Thanks Jonesy for the sshguard suggestion. Looks quite a bit simpler
>> than fail2ban.
>>
>> By the way, anyone that has ssh access open to the world MUST take
>> extra precautions. At an absolute minimum, any account that can log in
>> via ssh MUST have a VERY GOOD PASSWORD - twenty or thirty random
>> characters including numbers, punctuation and both cases. Otherwise you
>> WILL get hacked. But it would be a much better idea to read the above
>> blog entry and implement the first few ideas at least.
>>
>> Regards, K.
>>
>> --
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Karl Auer (kauer at biplane.com.au)
>> http://www.biplane.com.au/kauer
>> http://twitter.com/kauer389
>>
>> GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
>> Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
>>
>
>
>
> --
> Kevin O'Gorman
> #define QUESTION ((bb) || (!bb))   /* Shakespeare */
>
> Please consider the environment before printing this email.
>



-- 
Kevin O'Gorman
#define QUESTION ((bb) || (!bb))   /* Shakespeare */

Please consider the environment before printing this email.