First, change the port you are using. Do not use port 22 on servers that have internet connectivity. This is the first port that will be checked by countless robots searching the internet for vulnerabilities. Change it to any other port, and then use the -p option in your ssh login attempt. Then make sure root login is disabled; remove the pound symbol from the front of the option line. If you can, you should definitely allow rsa key login. Once you get your encryption key set up, disable password login by setting the respective line to "no".

If you cannot enable keyed logins for any reason whatsoever, you should enable IP-based restrictions, either by iptables or by tcp wrappers. Iptables is configured with the iptables command, and the tcp wrappers are configured in /etc/hosts.allow.

You can reduce the time limit for password login, but sometimes this causes problems with remote users connecting; sometimes it takes a couple of extra seconds for people to log in. Make the time limit around 30 seconds. If people are still having trouble connecting, check the /var/log/auth.log file for more information about the failed login attempt. Maybe the password is too complicated? Before reducing the complexity of the password, implement fail2ban, which will automatically block IP addresses based on failed login attempts; that way you can reduce the complexity of the password without substantially reducing system security.
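To check a server against the settings described above, here is an added example (not part of the original post) that audits an sshd_config-style file. The function name audit_sshd_config is hypothetical, the defaults it falls back on are the upstream OpenSSH ones (your distribution may ship different ones), and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config file
# against the four settings named in the paragraph above.
audit_sshd_config() {
    # $1: path to the file. Prints one line per finding; returns 1 if any.
    awk '
    BEGIN {
        # Upstream OpenSSH defaults (assumed; distributions may differ),
        # in effect while an option line is absent or still starts with "#".
        v["permitrootlogin"] = "prohibit-password"
        v["passwordauthentication"] = "yes"
        v["logingracetime"] = "120"
    }
    NF == 0 || $1 ~ /^#/ { next }        # blank or commented out: not in effect
    tolower($1) == "match" { exit }      # conditional Match blocks are not audited
    {
        k = tolower($1)                  # keywords are case-insensitive
        # Port may repeat; for the other keywords sshd keeps the first value.
        if (k == "port") { nport++; if ($2 == 22) p22 = 1 }
        else if ((k in v) && !(k in seen)) { v[k] = tolower($2); seen[k] = 1 }
    }
    END {
        n = 0
        if (nport == 0 || p22) { print "Port: sshd still listens on 22"; n++ }
        r = v["permitrootlogin"]; p = v["passwordauthentication"]
        if (r != "no") { print "PermitRootLogin: " r " (want no)"; n++ }
        if (p != "no") { print "PasswordAuthentication: " p " (want no)"; n++ }
        g = v["logingracetime"]; secs = g + 0
        if (g ~ /m$/) secs *= 60
        if (g !~ /^[0-9]+[sm]?$/) { print "LoginGraceTime: " g " (not parsed)"; n++ }
        else if (secs == 0 || secs > 30) { print "LoginGraceTime: " secs "s (want about 30)"; n++ }
        exit (n > 0)
    }' "$1"
}

# Constructed sample: two options still commented out, two set weakly.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 2222
#PermitRootLogin no
PasswordAuthentication yes
LoginGraceTime 2m
EOF
audit_sshd_config "$sample" || true
rm -f "$sample"
```

The sample reports all four findings: the two lines that still carry the pound symbol have no effect, so the defaults apply to them.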
Posted by nseidm1 in dhcp
There are two ways to interact with your guest operating system. You can either forward a port on the host machine, or you can have the guest operating system use DHCP to retrieve an IP address from your router. The following are three terminal commands that use the VBoxManage command with a variety of options. To forward a port to your guest OS, do the following; replace guestOSname with your VirtualBox OS, port 2222 with the port on your host machine that you want to forward, and port 22 with the desired port on the guest OS:
VBoxManage setextradata guestOSname VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort 2222
VBoxManage setextradata guestOSname VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort 22
VBoxManage setextradata guestOSname VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol TCP
Now this method I find really really really cool !!! We are going to configure your VirtualBox guest OS to get a regular IP address from your router's DHCP server. By doing this you will be able to access your VirtualBox guest OS as you would any regular computer. Doing this really establishes a Virtual Operating System that truly and completely functions as a real computer. First install a couple of packages via apt; the packages were in my Debian Etch repositories, therefore I have no doubt that they are in Ubuntu's:
sudo apt-get install bridge-utils uml-utilities
The best part is that it's only a couple of commands that can be thrown in a script that is automatically run on boot. Add the following lines to a script; you can name the file something like "virtualbridge.sh":
#replace user with the main username that you use to login
sudo tunctl -t tap0 -u user
sudo chmod 666 /dev/net/tun
sudo /usr/sbin/brctl addbr br0
sudo /sbin/ifconfig eth0 0.0.0.0 promisc
sudo /usr/sbin/brctl addif br0 eth0
sudo /sbin/dhclient br0
sudo /usr/sbin/brctl addif br0 tap0
#replace tap0ipaddress with an unused local ipaddress
sudo ifconfig tap0 tap0ipaddress up
sudo bash -c 'echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp'
#replace hostipaddress
sudo route add -host hostipaddress dev tap0
#also replace hostipaddress with the host ip address
sudo arp -Ds hostipaddress eth0 pub
#END of SCRIPT
Now configure your VirtualBox Guest OS to use the tap0 network interface. This can all be done graphically. Add the script lines above to an empty new text file and name it what you wish. Set it to be executable with a quick chmod 777 command. Add it to your sessions to be automatically run on user login. Also add your VirtualBox OS to boot on login; you can do this with:
#replace GuestOS with the desired GuestOS
VBoxManage startvm GuestOS
Now your script will run automatically on login, and the GuestOS will automatically boot. Voilà, you now have a GuestOS that automatically boots and is practically indistinguishable from a real computer, complete with a real local IP address.