Bob Williams wrote:
On Thursday 10 Jun 2010 14:37:07 Otto Rodusek wrote:
Any other ideas I can try?
Why not change your ssh port from the default 22? Below are the instructions provided by David Rankin when I was being attacked through port 22. All quiet here now ;)
Moving SSH to a higher port number
To move ssh to a higher port on openSuSE, you need to edit two files:
1. /etc/services
2. /etc/ssh/sshd_config
First open /etc/services and find an "Unassigned" high port that you would like to use. ('grep Unassigned /etc/services' works well) I would look between 5000 and 9999 so you are left with a four digit port and don't have to type 5 digits for the port. If you like typing, then just stay under 64,000. After you have found a port to use, then copy the lines for port 22, change the port to your desired port number and then comment out the port 22 lines:
#ssh 22/tcp # SSH Remote Login Protocol dcr reassigned to 5129
#ssh 22/udp # SSH Remote Login Protocol
#ssh 22/sctp # SSH
ssh 5129/tcp # SSH Remote Login Protocol dcr reassigned from 22
ssh 5129/udp # SSH Remote Login Protocol
ssh 5129/sctp # SSH
When you move the port
Then edit /etc/ssh/sshd_config and change the Port number:
#Port 22
Port 5129
Then restart sshd as root: rcsshd restart. You are ready to access your new ssh port with the port specified in the ssh command:
ssh -p 5129 you@your.host.com
Then all I had to do was update all my ssh aliases in .bashrc and the fact that ssh is now on a different port is completely transparent. Of course you have to change the port in your router as well. One show stopper for me would have been if the change caused difficulties with fish://. However, fish works just fine. All you need to do is add ':portnumber' to the end of the hostname like:
fish://user@somehost.com:port/
or to eliminate the password prompt (if you're not using public/private keys):
fish://user:pass@somehost.com:port/
Additional Information for rsync:
For rsync to work with the alternate port, you must enclose the ssh command and desired port number in single quotes. Example:
rsync -av -e 'ssh -p 5129' yoursite.com:~/tmp/somefile.doc tmp/
Works like a champ.
And scp insists on a capital P for some reason:
scp -P 5129 LOCAL_FILE REMOTE_FILE
That's why I prefer to add this to ~/.ssh/config if one connects regularly to the remote system (or even to /etc/ssh/ssh_config, if more users on that system do that):
Host yoursite.com
    Port 5129
You can/should also add "Compression yes" there, if the connection goes via Internet. And one can make nicknames for connections by specifying the nickname in the Host clause and adding a line with "HostName yoursite.com". If the remote system is on a dialup line with changing IP numbers and dynamic DNS, add "CheckHostIP no".
Another important configuration clause is "User uid" if your uids differ from local to remote system, but that's one for the personal config file, not one for the system-wide one. Configurations are additive, i.e., one can have some in a wildcard section for a whole domain, some system-wide for a specific system, and some in the personal config file, like the User clause; they are all merged together. We have dozens of such configurations in our ssh config files... ;-)
Afterwards, all ssh and scp connections (including those initiated by rsync) use that configuration, no need to specify the port with every call.
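The merging described above (per-user file read first, then the system-wide one, sections additive, first value found for each keyword wins), as an added example that is not code from this thread or from OpenSSH; the two config texts are constructed samples.

```python
# Merge ssh client options the way OpenSSH does: the per-user file is read
# before the system-wide one, and for each keyword the FIRST value wins.
# Added example (not code from this thread); both configs are constructed.
import fnmatch
import re
USER_CONFIG = """
Host box                   # nickname; Host matches the command-line name
    HostName yoursite.com
    User otto
Host *.example.org         # wildcard section for a whole domain
    User deploy
"""
SYSTEM_CONFIG = """
Host yoursite.com box
    Port 5129              # sshd moved off port 22 on that server
    Compression yes
Host *
    Port 22
    CheckHostIP yes
"""

def parse(text):
    """[(patterns, {keyword: value})]; lines before any Host line are 'Host *'."""
    sections, patterns, opts = [], ["*"], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, val = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "host":
            sections.append((patterns, opts))
            patterns, opts = val.split(), {}
        else:
            opts.setdefault(key, val)  # repeated keyword in a section: first wins
    sections.append((patterns, opts))
    return sections

def resolve(host, *configs):
    """Walk configs in read order; setdefault() keeps the first value seen."""
    result = {}
    for text in configs:
        for patterns, opts in parse(text):
            if any(fnmatch.fnmatchcase(host.lower(), p.lower()) for p in patterns):
                for key, val in opts.items():
                    result.setdefault(key, val)
    result.setdefault("hostname", host)  # OpenSSH defaults if nothing set them
    result.setdefault("port", "22")
    return result
```

resolve("box", USER_CONFIG, SYSTEM_CONFIG) yields port 5129 from the system-wide file, the User and HostName from the personal file, and CheckHostIP from the "Host *" section, which is exactly what ssh, scp and rsync then use without a -p/-P option.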
Hi Bob,

Thanks for your feedback. I already have additional safeguards against attacks (I have a perl prog that monitors /var/log/messages & other logs and locks out perps). I've also changed ports. I'm just curious why iptables won't honor the:

FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=5,blockseconds=60,recentname=ssh"

It's more a nagging issue than anything else. Again thanks for your feedback.

Best regards.
Otto.

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org