On 05/01/18 21:35, Christopher Myers wrote:
If this system is accessible on the internet, and needs to stay that way, you might want to do a couple of things --
First, don't have it listen on port 22. Whether through your firewall or the server itself, make SSH respond on some random high port, like 6022, or 60022, or something like that. (If through SSH directly, the line in sshd_config is "Port 22" (no quotes; remove the # at the front if there is one.))
It's already configured in such a way on a high port number.
Second, seriously consider doing something like fail2ban, so that multiple invalid attempts will result in their IP address being outright blocked. This will help prevent brute-forcing a connection.
If I see the same address reappearing I'll look into this. It's the first time I've seen anything in the logs in over a year so for the moment it may be a rare one-off. Interestingly, having just revisited the link I posted in the original post, whilst it previously had a dozen or so reports relating to the IP address going back a few months, I see somebody else just posted the exact same log string as myself but with a different originating port number, and 3 hours ago, meaning just before I posted this topic.
Third, make absolutely sure that you have root logins and password-based logins disabled (aka, ONLY key logins.) These are the lines in sshd_config that you'd set:

    PermitRootLogin no
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    PasswordAuthentication no
    UsePAM no
    ChallengeResponseAuthentication no
After making any changes to the config file, do "service sshd restart" (no quotes)
If you do the port number change, do it first and test it. Then leave that session open if you do any other changes.
CRITICAL: IF YOU CHANGE THE AUTHENTICATION MECHANISMS, BEFORE CLOSING YOUR SSH SESSION, MAKE SURE THAT YOU CAN OPEN A SECOND SESSION AND CONNECT SUCCESSFULLY! That way if you messed up the config, you won't have locked yourself out of your box, and can fix things.
Good tip!

gumb
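Added example, not part of the original messages: a small Python audit of sshd_config text against the directives Christopher lists above, useful before restarting sshd and opening the second test session. It relies on sshd using the first value it reads for a keyword and on lines after a Match keyword applying only conditionally; the function names and the sample config are constructed for illustration.

```python
# Added example (not from the thread): audit sshd_config text against the
# settings recommended in the message. Keywords are case-insensitive.
RECOMMENDED = {
    "permitrootlogin": "no",
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
    "usepam": "no",
    "challengeresponseauthentication": "no",
}

def parse_global(text):
    """Return {keyword: [values]} for the global section (before any Match)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # later lines apply only to matching connections
        value = parts[1].strip() if len(parts) > 1 else ""
        seen.setdefault(key, []).append(value)
    return seen

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    seen = parse_global(text)
    findings = []
    for key, want in RECOMMENDED.items():
        if key not in seen:
            findings.append(f"{key}: not set (or commented out); built-in default applies")
        elif seen[key][0] != want:
            # sshd keeps the first value it reads, so a later line cannot fix this
            findings.append(f"{key}: first value is '{seen[key][0]}', want '{want}'")
    ports = seen.get("port", ["22"])  # with no Port line sshd listens on 22
    if "22" in ports:
        findings.append("port: sshd still listens on 22")
    return findings

# Constructed sample: one directive left commented out, one overridden too late.
SAMPLE = """\
Port 60022
#PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "all checks pass")
```

On the constructed sample this reports the commented-out PermitRootLogin, the PasswordAuthentication line that loses to the earlier "yes", and the two directives that are absent.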