Professional Web Applications Themes

sshd - FreeBSD

Hello list, when I am watching the /var/log/auth.log I see many missed logins from IP-addresses I never tried to login from. Am I right that they is a hacker trying to login on my mashine, because he was using loginnames I never created on my mashine like patrick, lydia, green, admin, and so on...? With regards Stevan Tiefert...

  1. #1

    Default sshd

    Hello list,

    when I am watching the /var/log/auth.log I see many missed logins from
    IP-addresses I never tried to login from. Am I right that they is a hacker
    trying to login on my mashine, because he was using loginnames I never
    created on my mashine like patrick, lydia, green, admin, and so on...?

    With regards
    Stevan Tiefert

    Stevan Guest

  2. #2

    Default Re: sshd

    On Wed, Mar 02, 2005 at 08:00:13AM +0100, Stevan Tiefert wrote:
    " Hello list,
    "
    " when I am watching the /var/log/auth.log I see many missed logins from
    " IP-addresses I never tried to login from. Am I right that they is a hacker
    " trying to login on my mashine, because he was using loginnames I never
    " created on my mashine like patrick, lydia, green, admin, and so on...?
    "
    " With regards
    " Stevan Tiefert

    It seems to you are right. If you know that you go to you mashine
    only from one or two IP, you can write it in your firewall. For
    example, if you use ipfw:

    ext_if=rl0
    trusted_ip=1.2.3.4,3.4.2.1
    ipfw add allow tcp from $trusted_ip to me ssh in recv $ext_if
    ipfw add allow tcp from me ssh to $trusted_ip out xmit $ext_if

    Or something else.


    " _______________________________________________
    " org mailing list
    " http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    " To unsubscribe, send any mail to "org"

    --
    Sensory yours, Eugene Minkovskii
    Сенсорно ваш, Евгений Миньковский
    Eugene Guest

  3. #3

    Default Re: sshd



    On Wed, 2 Mar 2005, Eugene M. Minkovskii wrote:
     

    Thanks Eugene, but I can not close myself out with a firewall. I need the
    access to my system over the internet. Am I right that in this case, only
    a good password is protecting me?

    With regards
    Stevan Tiefert

    Stevan Guest

  4. #4

    Default Re: sshd

    > [...] I can not close myself out with a firewall. I need the 

    If you have a way of transporting a private key file to wherever you need
    to log in from (removable media, one last password login, whatever is
    secure enough for your satisfaction), you can use public-key cryptography
    and disable password based logins altogether.

    Take a look at the man pages of ssh-agent, ssh-add, ssh-keygen, and
    google around a bit - it is not too hard to set up.

    Cheers,
    -Jan Christian
    Jan Guest

  5. #5

    Default Re: sshd



    On Wed, 2 Mar 2005, Jan Christian Meyer wrote:
     
    >
    > If you have a way of transporting a private key file to wherever you need
    > to log in from (removable media, one last password login, whatever is
    > secure enough for your satisfaction), you can use public-key cryptography
    > and disable password based logins altogether.
    >
    > Take a look at the man pages of ssh-agent, ssh-add, ssh-keygen, and
    > google around a bit - it is not too hard to set up.
    >
    > Cheers,
    > -Jan Christian
    >[/ref]

    Dear Jan :-)

    Thanks for this hint!!! That is what I need!!!

    With regards
    Stevan Tiefert

    Stevan Guest

  6. #6

    Default Re: sshd

    On Mar 2, 2005, at 1:53 AM, Stevan Tiefert wrote: 

    Steven,

    Change the port sshd runs on in /etc/ssh/sshd_config. Once I changed
    the port, I stopped seeing all those log in attempts.

    HTH
    __________________________________________________ _____
    Eric F Crist "I am so smart, S.M.R.T!"
    Secure Computing Networks -Homer J Simpson

    Eric Guest

  7. #7

    Default Re: sshd



    On Wed, 2 Mar 2005, Eric F Crist wrote:
     
    >
    > Steven,
    >
    > Change the port sshd runs on in /etc/ssh/sshd_config. Once I changed
    > the port, I stopped seeing all those log in attempts.
    >
    > HTH
    > __________________________________________________ _____
    > Eric F Crist "I am so smart, S.M.R.T!"
    > Secure Computing Networks -Homer J Simpson
    >
    > _______________________________________________
    > org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    > To unsubscribe, send any mail to "org"
    >[/ref]

    Hello Eric,

    that meens also to change the port at the ssh-client with "ssh -p ??",
    isn't it?

    With regards
    Stevan Tiefert

    Stevan Guest

  8. #8

    Default Re: sshd



    Yes, you'd need to use ssh -p in order to connect to the new port,
    instead of the default port (22).

    -Tomas Quintero
    Tomas Guest

  9. #9

    Default Re: sshd

    On Wed, Mar 02, 2005 at 02:31:16PM +0100, Stevan Tiefert wrote: 

    Alternatively, you can set up a Host section in your ~/.ssh/config file:

    Host myhost
    Hostname FQDN.for.myhost
    Port 1221

    Obviously, you would need to set this up on each client host you connect
    from.

    You can then just invoke ssh in the normal manner - it will pick up your
    settings each time for you.

    Dan

    --
    Daniel Bye

    PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
    PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 BE8F
    _
    ASCII ribbon campaign ( )
    - against HTML, vCards and X
    - proprietary attachments in e-mail / \

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.0 (FreeBSD)

    iD8DBQFCJcWBhvzwOpChvo8RAlC6AJ9/H98y3y6Dcem5ggLRK7akC2QWZgCbBd6R
    j/LFyvS/LgvtCrQIRUN3rSo=
    =b17Y
    -----END PGP SIGNATURE-----

    Daniel Guest

  10. #10

    Default Re: sshd

    On Mar 2, 2005, at 7:31 AM, Stevan Tiefert wrote:
     
    >>
    >> Steven,
    >>
    >> Change the port sshd runs on in /etc/ssh/sshd_config. Once I changed
    >> the port, I stopped seeing all those log in attempts.
    >>
    >> HTH
    >> __________________________________________________ _____
    >> Eric F Crist "I am so smart, S.M.R.T!"
    >> Secure Computing Networks -Homer J Simpson[/ref]
    >
    > Hello Eric,
    >
    > that meens also to change the port at the ssh-client with "ssh -p ??",
    > isn't it?
    >
    > With regards
    > Stevan Tiefert[/ref]

    Steven,

    You are correct. For example, if you were to use 8000 as your new
    port, you would use a command similar to this to connect:

    # ssh -p 8000 -l username 10.0.0.1

    HTH
    __________________________________________________ _____
    Eric F Crist "I am so smart, S.M.R.T!"
    Secure Computing Networks -Homer J Simpson

    Eric Guest

Similar Threads

  1. Trouble with sshd in jail
    By musikcom@ngs.ru in forum FreeBSD
    Replies: 3
    Last Post: February 17th, 04:03 PM
  2. sshd goes catatonic on AIX 5.2 ML1
    By Florian M. Weps in forum AIX
    Replies: 4
    Last Post: August 31st, 03:17 PM
  3. sshd stop working
    By Micha Feigin in forum Debian
    Replies: 1
    Last Post: August 1st, 09:10 PM
  4. Also won't for me (no sshd)
    By Colin Watson in forum Debian
    Replies: 0
    Last Post: July 8th, 11:00 AM
  5. sshd start weirdness
    By Bob Bernstein in forum Debian
    Replies: 3
    Last Post: July 6th, 06:30 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139