Security :: IP Blacklist(s) For SSHD Access Control
Nov 4, 2010
Quick explanation about what this thread is: by way of an article featured on linuxtoday, I learned about what appears to be an actively managed IP blacklist: [URL]
# This is a compiled list of dirty hosts associated with
# bruteforcing attempts, spam, botnets, RBN and the list
# continues to grow. The data is comprised of information
# compiled from Arbor Networks, Project Honeypot, FIRE
# (maliciousnetwork.org), Host Exploit, Shadowserver and
# a variety of other similarly based sites.
Quick explanation about what this thread is not: this is not intended to be a discussion about default deny vs. default allow (i.e. whitelists vs. blacklists), nor is this a call for enumerations of your own sshd hardening strategy. Please try to keep on point. That said, can anyone speak to the quality of the blacklist information noted above? And/or are there any suggestions for a readily available blacklist of "known better" quality? I plan to try including an actively maintained blacklist like this into a multi-layered approach for hardening an sshd bastion host.
Mar 6, 2010
I'm trying to setup ssh access on my Fedora 12 laptop. I get the following error message in /var/log/secure when I try to login from another machine using ssh and the login is denied:
Code:
sshd[3025]: error: Could not get shadow information for <user>
sshd[3025]: Failed password for <user> from <ip> port <port> ssh2
If I do a 'setenforce 0' I can login and no error is logged.
May 23, 2010
In Fedora 12 how do I make it so a specific program can't talk to the internet?
Mar 30, 2009
I have read in some book that syslogd keeps lots of logs that with time consume a considerable part of your hard drive. I know this is a very nice feature and all that, but sometimes privacy in this competitive world is a matter of fact. Here go the questions: Is it possible to 'auto delete' the syslogd files automatically? May the destruction of the logs cause some hangs on my system? May some program need the daemon to function properly?
Jan 19, 2011
I can't ssh into my Dad's machine. He can ssh in from another computer on his network, but I can't get in across the internet. I thought we had port forwarding set up correctly on his router. (Westell 327W running Verizon software - sshd application, port 22 to port 22, TCP).
I can exchange keys with his server but I get "Permission denied, please try again" when I try to login. An nmap scan (with the -PN option) on his IP shows the open port.
PORT STATE SERVICE
22/tcp open ssh
Mar 9, 2011
I want to enable sshd from the Internet, but I want to secure it as much as possible. Therefore, despite the fact that the service will run on a TCP port above 2000 to prevent most scans, I would like to:
- first, force the use of a client certificate, to avoid brute force attacks on my users/passwords;
- second, force the use of a username/password to avoid someone having access to my system just by stealing my key.
When I look at the configuration, it's possible to enable both, but one of them is sufficient to login, and I can't find how to make them both mandatory...
Mar 9, 2010
I have a RHEL server with users logging in via ssh. I want to start using public keys instead of passwords with ssh. But a public key is as good as a rotten tomato if it is unpassphrased and I cannot guarantee that all users will use passphrases. Therefore I will generate both private and public key on the server and will distribute the private key to the user via a user-friendly web interface, and that's where I will force them to use a passphrase. I know they can later change the passphrase or remove it totally, but my users are not so advanced.
So now I am trying to set up a centralized authorized_keys file so as to be able to make it only root-writable, so they cannot put their own public keys on the server; it will be handled by scripts. Now the actual problem. I created a /etc/ssh/keys directory instead of ~/.ssh and changed AuthorizedKeysFile to /etc/ssh/keys/%u in sshd_config. But when I try to connect with the key I get the following error in the logs (after enabling DEBUG3 in sshd_config):
<CUT>
Mar 8 15:22:28 stagesmpp sshd[12248]: debug3: mm_request_receive entering
Mar 8 15:22:29 stagesmpp sshd[22358]: debug2: channel 0: rcvd adjust 33544
Mar 8 15:22:30 stagesmpp sshd[12248]: debug3: monitor_read: checking request 20
[code]...
May 11, 2011
I am running a fresh installation of a RHEL 6 box and it shipped with OpenSSH 5.3. But the /etc/ssh/moduli file doesn't exist even in this new installation and the SSH log warns as below:
Code:
WARNING: /etc/ssh/moduli does not exist, using fixed modulus
Does this imply that it is using the same random number for key exchange purposes? Also, does it impose any security risks?
Sep 28, 2010
I have a site in India that needs to be accessed by our offices round the world. I have added AllowUsers lines for the static IPs in those offices. However, we also have a couple of people who travel and don't have static IPs. Is it possible to enable both AllowUsers for the offices and have certificate access for the others?
Feb 18, 2011
I have an sshd server up and running (F13 64-bit). I'd like to connect to a PC that's behind a firewall using ssh tunnelling, so I have something like
ssh -R 1234:127.0.0.1:22 myuser@mypc
then from mypc I can successfully login to the remote PC. I have just one question. How can I list the active ssh connections and the forwarded ports?
I've only got to
netstat -tunva
but this returns only (filtered)
tcp 0 0 127.0.0.1:1234 0.0.0.0:* LISTEN
tcp 0 0 ::ffff:172.16.0.XXX:22 ::ffff:172.16.1.XXX:60744 ESTABLISHED
Now I know that the first is the tunnel end, but how can I connect the two lines if I don't know the port number (i.e. someone else establishes another tunnel)?
Jan 18, 2010
I'm having trouble trying to understand this problem: my home server until yesterday had a public IP, staying on the network, with sshd running and all was fine; this evening I changed the IP, giving it a local LAN address, and what happened if I tried to connect to it by ssh? I got an error about "Connection closed by remote host". Google helped me find that it was related to the hosts.deny file, which was actually containing a line
ALL:ALL
that I commented out, and all was fine. My question is: why was the hosts.deny (that has never changed) observed only with the local IP? I tried to switch back to the public IP leaving ALL:ALL, and it connected without any problem.
Feb 9, 2011
What is happening when I log in to my Ubuntu server machine via ssh and PuTTY? I'm trying to understand everything, primarily securing my server.
I have specified the ssh server to listen on port 5525, and can login without a problem.
When I look at the logs though it says I connected from xxx.xx.xx.xx on port 53602.
What is happening here and why is the logged connection a different port to the one specified in the config file?
Jun 11, 2011
I've been using ssh for a LONG time to connect my laptop to my desktop with no problems. I use a non-standard port (nnnnn) and keys. After a power outage that caused a shutdown and reboot, I can no longer ssh into the desktop. The only changes I've made are updates (laptop and desktop both running Ubuntu 10.04).
$ ssh -p nnnnn Desktop
ssh: connect to host Desktop port nnnnn: Connection refused
No messages are generated in any of the logs on Desktop!
$ /usr/sbin/sshd -T
port nnnnn
protocol 2
addressfamily any
listenaddress 0.0.0.0:12023
listenaddress [::]:12023 .....
Dec 19, 2010
When a user that has an RSA public key set in the ~/.ssh/authorized_keys file logs in via ssh, an sshd process is started to handle the ssh session. Periodically we audit the authorized keys and remove them from the system and the authorized_keys file. This means the next login attempt will fail, which is fine. However we need to terminate current ssh sessions in progress that use the RSA key. I have not been able to determine a way to map sshd processes to authorized_keys entries.
Mar 28, 2010
Quote:
Code:
I've used these commands to generate my new keys and immediately got my sshd server running.
However, I now have the problem where the password is not being recognized and is repeatedly asked for.
May 25, 2011
Tried Google and searching this forum to no avail. Under Fedora 14, there is an SELinux policy which blocks sshd from making outbound connections on port 80 or 443. This can occur when a client box tries to tunnel through the ssh connection for encrypted access to the web.
While I did manage to allow this to happen by creating a permissive domain for sshd with this command:
Code:
The preferred way would be to allow sshd to make connection on other ports with a similar command that does not seem to work:
Code:
Is this the correct way of allowing an outbound port connection for the sshd daemon?
Apr 28, 2011
Is there an ssh or sshd parameter that can be set to block out a user after a set number of attempts to login?
Aug 10, 2010
I have a problem with the sshd daemon on a target Linux system: the system has only one user (root) without a password. The sshd_config looks like:
Code:
Port 22
Protocol 2
[code]...
Feb 14, 2011
I have a Xeon machine with Ubuntu OS. Machine specification is 3 GB RAM, 3 SCSI hard drives, each 73 GB. It has two ethernet cards; one ethernet card is connected with an ADSL modem and the second is connected with the LAN. Now what mikrotik is doing for me is control access to bind MAC address with IP address and control the bandwidth for individual connections.
Mar 31, 2010
I'm having a problem with my Ubuntu 9.10 machine. I can ssh out of the computer, but not in. I have /etc/init.d/ssh, but not /etc/init.d/sshd - don't know if this is normal. If I run /etc/init.d/ssh status I get:
robot@cora:~$ sudo /etc/init.d/ssh status
* could not access PID file for sshd
If I run /etc/init.d/ssh restart (or stop then start) then I can ssh both ways. But I cannot get this to work automatically at boot. The machine is going to be in a remote location, so I need the ability to ssh INTO it after reboot, which I don't have. I have confirmed that start files are located in /etc/rc3.d/S16ssh
I've uninstalled and reinstalled openssh-server (via "apt-get remove openssh-server" and "apt-get install openssh-server") and this did not help. There are both /etc/ssh/ssh_config and /etc/ssh/sshd_config files that look like they are standard (compared to what I've found from web searches). /etc/init.d/ssh is also standard.
May 27, 2009
We have a simple office network set up that we also use to connect to the internet; however, of late the number of users has increased, thus slowing internet access. A bandwidth upgrade is not an option, thus I have to do bandwidth shaping on our Linux router. The question is how do I set the squid configs to allow a certain IP range a certain percentage of bandwidth, e.g. 60%, and further divide the rest. Alternatively, how can I allow certain IPs to have higher bandwidth access?
Jul 22, 2010
I am getting the following error after booting my Ubuntu machine. It worked fine recently, and after I upgraded some stuff, when I rebooted the machine I got a green screen, then hit an arrow key and got the following error message:
Gave up waiting for root device. Common problems:
- Boot args (cat /proc/cmdline)
- Check rootdelay= (did the system wait long enough?)
- Check root= (did the system wait for the right device?)
[code]....
May 28, 2010
I'm using squid as a proxy server in FC6. I'm also using squidGuard for web-site access restriction. I want to make some exceptions now for website access. For example, squid user1 with IP 192.168.7.10/32 should not access facebook.com while all other squid users with IPs 192.168.7.11/32, 192.168.7.9/32 and so on... can access facebook.com, since facebook.com is not listed in the squidGuard .db files.
Jul 19, 2010
I'm trying to "repair" two Debian Lenny servers a friend of mine had installed and working fine; all of a sudden he calls and tells me the servers don't boot. He's getting this error message on both, weird:
/bin/sh: can't access tty; job control turned off (initramfs)
Dec 25, 2010
I'm trying to control access to different services on a Debian server using /etc/group, so that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage.
Services like proftpd have:
AllowGroup ftpgroup
sshd have
AllowGroups sshgroup
And samba have
valid users = @smbgroup
But I can't find the correct option in Dovecot (/etc/dovecot/dovecot.conf). Does anyone have the magic option or a workaround that doesn't involve maintaining separate user databases and passwords?
Feb 16, 2010
I'm using Sun One LDAP server, (Soon to be moving to openldap). I have one Master server, no slaves, about 60 user accounts.
I'd like to add an attribute to each of the users' DNs to restrict their ability to login to specific hostnames. I.e. I have hosts A, B and C. Dev staff can access A and B, but not C, and support staff need to access all of them.
I found a link at [url] which talked about using 'hostsallowedlogin' and 'hostsdeniedlogin' attributes but I'm presuming these are bespoke. If they are, how do you configure the ldap.conf to take note of these attributes when authorizing access?
Sep 21, 2010
I am using Debian Lenny on a cluster. If I log in as a regular user and try to adjust the volume on the top right panel (using Gnome), I get the following message:
"The volume control did not find any elements and/or devices to control. This means either that you don't have the right GStreamer plugins installed, or that you don't have a sound card configured. You can remove the volume control from the panel by right-clicking the speaker icon on the panel and selecting "Remove From Panel" from the menu."
or if I enter "gstreamer-properties" in the terminal and do a test I get the following message:
"Autodetect: Could not open resource for writing."
If I become the root user and enter "gstreamer-properties" in the terminal and do a test, the test works. Alsamixer works as root, but not as a user. My user error for alsamixer is:
"alsamixer: function snd_ctl_open failed for default: No such file or directory"
I am not sure what setting I need to change so that all users can adjust the volume.
Problem 2: When I put in a USB stick I get the following error as a user:
Cannot mount volume
Feb 18, 2011
We have a system with 1 GB memory. Out of this, I would like to restrict only 512 MB for Linux and would like to access the remaining 512 MB directly from an application that runs on Linux.
What is the suggested means to achieve this on 2.6.x?
Sep 29, 2010
I am using SUSE 10.2 for an internet and e-mail server. Currently all my users have access to the internet if they know how to set up their web browsers. How do I deny some users internet access so that a user can only access his/her e-mail but not the internet?
Aug 24, 2010
I have my own dedicated server box running (using it for game servers). I access it via ssh and I have root control of it. It has the Fedora operating system. I wanna give FTP control of different directories to different users. Right now there are no other FTP users except root. I have installed vsftpd and don't know what I should do next. How do I add users (who can read/write/delete files) and how do I restrict them to their home directory?
Here is what I want:
username:client1
password:12345
home directory: home/server1
username:client2
password:12345
home directory: home/server2