SSH Login Timeout – Password Authentication
SSH login timeouts are not very effective at preventing unauthorized login attempts. Most SSH attacks are scripted attacks launched by automated mechanisms. The scripts will most likely use dictionary-based brute force attacks that submit passwords very quickly. Setting the login timeout very low will most likely not prevent such scripted attacks, and will only hinder a legitimate user's ability to log in successfully within the allotted time. Set the login timeout to 60 seconds; I have set it to 5 seconds and it only caused problems for actual user logins.
Partition Full? Move your Stuff Somewhere Else
March 6, 2010 - 11:35 am
Tags: backup, backup directory, dev, excess space, hda, hda1, hda2, home, storage, symbolic link, user
Posted in cp, ln, partition, rm, symbolic | No comments
If you run out of space on a particular partition but have excess space on another partition, you can relocate your data. Let's say you have 100 megabytes left on /dev/hda1 but you have 10 gigs left on /dev/hda2. Let's say you have a folder on /dev/hda1, /home/user/backup, that is over 2 gigs. Let's [...]
SSH – Gateway Ports and Forward Reverse Tunnels
February 27, 2010 - 9:42 am
Tags: client, client location, connection, encrypted connection, gateway, gateway ports, option, ssh, ssh connection, ssh connections
Posted in .forward, client, gateway, host, port, reverse, ssh, tunnel | No comments
SSH can create forward and reverse tunnels to transmit port data through the encrypted connection. You can create forward tunnels that link the local port of the client machine to the remote port on the server. You can create reverse tunnels that link the remote ports of the server to the local ports on the [...]
Virus Detected Notification – Suppress Clamav-Milter Messages
February 15, 2010 - 9:12 am
Tags: Clamav-milter, linux machine, milter, postmaster, root, root user, spam folder, user, virus, virus message
Posted in ClamAV, detect, email, milter, notification, virus | 2 comments
Clamav-milter will automatically mail the root user and/or the postmaster in the event that a virus message has been rejected for delivery. To suppress the mailing of these virus-found reports, open:
/etc/default/clamav-milter
At the top is the options line. Add to the line:
--quiet
No more messages and you don’t need to filter the messages into the spam [...]
SSH X Forwarding with Compression
February 13, 2010 - 4:39 pm
Tags: c option, Compression, compression quality, connection, internet, slow internet connection, slow internet connections, ssh, ssh sessions, xtightvncviewer
Posted in Compression, quality, speed, ssh, xtightvncviewer | No comments
If you plan to forward X applications via ssh and are using a very slow internet connection, you should definitely use compression. The “-C” option enables compression and will substantially increase the data transfer rate on internet connections of 100 Kb/s or less. Also, with a VNC connection, if you are using xtightvncviewer you can effectively [...]
Sendmail – Critical to Receive System Alerts
February 10, 2010 - 9:02 am
Tags: default sendmail, email, external mail server, forward works, local ip, mail, relay mail, Sendmail, System, user
Posted in .forward, Sendmail, access, alert, aliases, home, user | No comments
The core of Linux is designed to mail, at minimum, the root user of various system alerts. With sendmail installed these alerts are mailed to the respective user directory. If you have an external mail server you can configure your local user mail to be forwarded to any email address. The easiest method [...]
Sshd_config Settings Rundown
February 3, 2010 - 12:38 pm
Tags: change, internet, login, login attempts, password, port, port 22, pound symbol, root login, ssh login
Posted in iptables, login, root, rsa, setting, sshd, tcp | No comments
First change the port you are using. Do not use port 22 on servers that have internet connectivity. This is the first port that will be checked by countless robots searching the internet for vulnerabilities. Change the port to whatever, and then use the -p option in your ssh login attempt. Then make [...]
Auth.log in Debian Systems
February 2, 2010 - 12:13 pm
Tags: auth, connection, connection attempts, cron, crontab command, force, mail servers, root mail, security countermeasures, ssh
Posted in auth, cron, crontab, debian, log, ssh | No comments
Your auth.log file is the first step in determining if an intrusion is being attempted, or has occurred. It logs all ssh connection attempts, cron jobs, and su calls. If an ssh brute force attack is occurring you will see countless failed ssh login attempts. Most likely various usernames will be attempted. You [...]
Reasonable Backup Routines – Service and Desktop Integrity
January 27, 2010 - 1:25 pm
Tags: backup, backup drive, caption, cronjob, desktop machine, directory, hardware failure, media directory, rsync, user
Posted in backup, crontab, network, rsync | No comments
You should have backups of all your files all the time. For a desktop machine always have a backup of your entire /home partition. Use a cronjob and rsync. Mount a usb drive to the /media directory. Use a cronjob as follows:
# minute hour day-of-month month day-of-week: run daily at 01:01
1 1 * * * rsync -r /home/user /media/backup/user
The above rsync will recursively transfer [...]
Detecting a Security Breach – Ubuntu and Linux Machine
January 25, 2010 - 12:46 pm
Tags: active processes, attempt, linux machine, login, login attempts, machine, password, root, security breech, ssh access
Posted in access, backup, breech, detect, linux, login, root, security, ubuntu | 2 comments
Detecting a security breach is sometimes as easy as logging into the machine, using ssh, and viewing the last login attempt from a completely unrecognized IP address or domain. Subsequently check your auth.log file, in /var/log, for login attempts. If you see countless failed login attempts you have been the victim of a brute from [...]
Server Security – Passwordless Remote Login
January 24, 2010 - 4:15 pm
Tags: accessible system, ban, login, login attempts, rsa, rsa keys, ssh, ssh ftp, ssh server, System
Posted in Server, fail2ban, login, remote, rsa, security, ssh | No comments
Based on some recent experience, do not ever allow password remote login. There are two things you should apply to your ssh server. Implement an RSA key login, and implement fail2ban. Fail2ban will modify iptables (firewall) to block the IP address of offending attempts to connect. It will do so for your apache, ssh, ftp, [...]



February 12, 2010 - 11:11 pm
You can also use IPtables rules to rate limit access to SSH. I find this very effective for the routine bots that are scanning.