
   alt.os.linux.slackware      I think it's the one without SELinux crap      87,272 messages   


   Message 85,417 of 87,272   
   Henrik Carlqvist to carriunix   
   Re: Problems in SSH configuration   
   05 Sep 21 17:04:31   
   
   From: Henrik.Carlqvist@deadspam.com   
      
   On Sun, 05 Sep 2021 15:43:15 +0000, carriunix wrote:   
   > Using another interface, everything works fine.   
      
   Great that the problem is solved!   
      
   Maybe one word of caution:   
      
   I don't know what sshd_config looks like on Ubuntu, but I do know that   
   the root account usually is unusable on Ubuntu and administrative tasks   
   are done with sudo instead. On Slackware the root account is usable and   
   if you open up ssh on a public IP you should make sure that you have:   
      
   PermitRootLogin no   
      
   ...in /etc/ssh/sshd_config   
      
   You should also make sure that all usable accounts use hard to guess   
   passwords if you allow ssh password login.   
      
   This is what my log files look like on a system which has ssh on port   
   2222 on a public IP address:   
      
   ...
   Sep  5 18:42:33 igor sshd[25577]: Failed password for root from 194.19.182.119 port 52974 ssh2
   Sep  5 18:42:33 igor sshd[25577]: Received disconnect from 194.19.182.119: 11: Bye Bye [preauth]
   Sep  5 18:44:51 igor sshd[25579]: Connection closed by 106.75.222.175 [preauth]
   Sep  5 18:45:13 igor sshd[25581]: Invalid user chenmm from 210.104.28.71
   Sep  5 18:45:13 igor sshd[25581]: input_userauth_request: invalid user chenmm [preauth]
   Sep  5 18:45:13 igor sshd[25581]: pam_unix(sshd:auth): check pass; user unknown
   Sep  5 18:45:13 igor sshd[25581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.104.28.71
   Sep  5 18:45:15 igor sshd[25581]: Failed password for invalid user chenmm from 210.104.28.71 port 33658 ssh2
   Sep  5 18:45:15 igor sshd[25581]: Received disconnect from 210.104.28.71: 11: Bye Bye [preauth]
   Sep  5 18:51:16 igor sshd[25583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.104.28.71 user=root
   Sep  5 18:51:18 igor sshd[25583]: Failed password for root from 210.104.28.71 port 37942 ssh2
   Sep  5 18:51:18 igor sshd[25583]: Received disconnect from 210.104.28.71: 11: Bye Bye [preauth]
   Sep  5 18:56:54 igor sshd[25587]: Accepted publickey for henca from 192.168.17.2 port 63492 ssh2
   Sep  5 18:56:54 igor sshd[25587]: pam_unix(sshd:session): session opened for user henca by (uid=0)
   ...
      
   I blacklist IP addresses which have made too many ssh attempts; that list
   is 38976 different IP addresses which I route to /dev/null.
      
   Once I saw a Slackware machine with a weak root password being connected
   to the internet with a public IP address. It took about 30 minutes before
   someone was able to log in as root.
      
   regards Henrik   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
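
An added example, not part of Henrik's post and not his tooling: one way to build the kind of per-address blocklist he describes from sshd log lines in the format quoted above. The sample log is constructed with documentation-range addresses, and the threshold of 3, the trusted network and the `ip route add blackhole` output are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the syslog format quoted in the post (unwrapped);
# addresses are from documentation ranges, not from the post.
SAMPLE_LOG = """\
Sep  5 18:42:33 igor sshd[25577]: Failed password for root from 203.0.113.9 port 52974 ssh2
Sep  5 18:45:13 igor sshd[25581]: Invalid user chenmm from 198.51.100.7
Sep  5 18:45:15 igor sshd[25581]: Failed password for invalid user chenmm from 198.51.100.7 port 33658 ssh2
Sep  5 18:51:18 igor sshd[25583]: Failed password for root from 198.51.100.7 port 37942 ssh2
Sep  5 18:52:02 igor sshd[25584]: Failed password for invalid user a from 192.168.17.2 port 1 ssh2 from 198.51.100.7 port 40000 ssh2
Sep  5 18:53:40 igor sshd[25585]: Failed password for henca from 192.168.17.2 port 63400 ssh2
Sep  5 18:56:54 igor sshd[25587]: Accepted publickey for henca from 192.168.17.2 port 63492 ssh2
"""

# The user name is chosen by the client, so the match is anchored at the end
# of the line and the greedy user group pushes the address to the last "from".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.+) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def failed_by_source(log_text):
    """Count 'Failed password' events per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group("ip"))] += 1
        except ValueError:
            pass  # not an IP literal (e.g. a resolved host name); skip it
    return counts

def blocklist(log_text, threshold=3, trusted=("192.168.0.0/16",)):
    """Addresses at or above threshold (assumed value), minus trusted nets."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    return sorted(
        str(ip) for ip, n in failed_by_source(log_text).items()
        if n >= threshold and not any(ip in net for net in nets)
    )

if __name__ == "__main__":
    for ip in blocklist(SAMPLE_LOG):
        # One way to null-route a source with iproute2 (assumed mechanism).
        print(f"ip route add blackhole {ip}/32")
```

The fifth sample line carries a user name that embeds a second "from ... port ... ssh2" string; the end-anchored pattern still attributes it to the real source, so the trusted LAN address is not counted for it.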



(c) 1994,  bbs@darkrealms.ca