I don't think I have seen a question like this posted here so here goes. I check my log files occasionally and in authentication log there are usually quite a few 'failed password for invalid user' or 'failed password for root' entries. Same IP, different port, ssh2. I made a change to my etc/ssh/sshd_config file some time ago changing the entry Permit Root Login from yes to no. I checked the log file an hour ago and still see many entries like this. I guess they are more annoying than actually dangerous. So, I added the following line to that file, recommended from a Google search.
MaxAuthTries 5
I don't know yet what effect that new line will have.
Just wondering if I should spend more time with this and maybe get into IP tables or other, or is this really commonplace and just an annoyance.
Linux Mint Forums
Security type question
6 posts
• Page 1 of 1
Security type question
by homerscousin on Mon Nov 26, 2012 6:21 pm
i5 3570k, ASRock z77 Extreme 4, 8 Gb Ripjaws 1600, Antec 430w psu, HVR 1600 tv tuner, custom case- marble top, oak face. Carver & DCM Time Window sound system. Mint 14 KDE.
- homerscousin
- Level 4
- Posts: 470
- Joined: Fri May 25, 2012 2:43 pm
- Location: Somewhere on planet Earth (mostly)
Re: Security type question
by Olson on Mon Nov 26, 2012 9:47 pm
Sounds like the normal kind of "background noise" of the internet to me, nothing of great concern.
Make sure you choose decent passwords - remember length is more important than using upper / lower case and numerics and stuf like that, so long as you're not choosing words from the dictionary. https://www.grc.com/haystack.htm
There's a little app called fail2ban you can install, which basically bans hosts that make many failed connection attempts, if that make you feel any better. Worked well for me before I stopped caring
Make sure you choose decent passwords - remember length is more important than using upper / lower case and numerics and stuf like that, so long as you're not choosing words from the dictionary. https://www.grc.com/haystack.htm
There's a little app called fail2ban you can install, which basically bans hosts that make many failed connection attempts, if that make you feel any better. Worked well for me before I stopped caring
- Olson
- Level 1
- Posts: 21
- Joined: Sat May 05, 2012 4:42 am
Re: Security type question
by homerscousin on Tue Nov 27, 2012 4:19 pm
Yup. Kinda how I see this. Just background noise from dingbat brute force attempts around the world. I'll post in a week or so if that one added line has any effect.
i5 3570k, ASRock z77 Extreme 4, 8 Gb Ripjaws 1600, Antec 430w psu, HVR 1600 tv tuner, custom case- marble top, oak face. Carver & DCM Time Window sound system. Mint 14 KDE.
- homerscousin
- Level 4
- Posts: 470
- Joined: Fri May 25, 2012 2:43 pm
- Location: Somewhere on planet Earth (mostly)
Re: Security type question
by homerscousin on Wed Dec 05, 2012 4:11 pm
Just to let people know, I have completely solved this. I used the advice from these 2 urls:
http://www.iana.org/assignments/service ... umbers.xml
http://www.thegeekstuff.com/2011/05/openssh-options/
I hesitate to post my exact solution, but you can quite easily figure it out. My auth log is now completely devoid of any unauthorized login attempts.
Edit: that one added line had no effect.
http://www.iana.org/assignments/service ... umbers.xml
http://www.thegeekstuff.com/2011/05/openssh-options/
I hesitate to post my exact solution, but you can quite easily figure it out. My auth log is now completely devoid of any unauthorized login attempts.
Edit: that one added line had no effect.
i5 3570k, ASRock z77 Extreme 4, 8 Gb Ripjaws 1600, Antec 430w psu, HVR 1600 tv tuner, custom case- marble top, oak face. Carver & DCM Time Window sound system. Mint 14 KDE.
- homerscousin
- Level 4
- Posts: 470
- Joined: Fri May 25, 2012 2:43 pm
- Location: Somewhere on planet Earth (mostly)
Re: Security type question
by homerscousin on Tue Dec 25, 2012 7:18 pm
OK. Been a couple weeks. I changed a couple settings and the port assingment for ssh2. I have had 0 unauth log attempts in this time. It works. Wanted to make sure there were no complications before my final post.
i5 3570k, ASRock z77 Extreme 4, 8 Gb Ripjaws 1600, Antec 430w psu, HVR 1600 tv tuner, custom case- marble top, oak face. Carver & DCM Time Window sound system. Mint 14 KDE.
- homerscousin
- Level 4
- Posts: 470
- Joined: Fri May 25, 2012 2:43 pm
- Location: Somewhere on planet Earth (mostly)
Re: Security type question
by homerscousin on Sat Dec 29, 2012 7:44 pm
Just wanted to add one more thing. UFW, uncomplicated firewall, is not enabled by default. This is a built-in firewall for Linux Mint. You have to open a terminal and enable it. See this URL, it may be helpful. http://www.linuxdistrocommunity.com/vid ... c3A5Dy4xE0
i5 3570k, ASRock z77 Extreme 4, 8 Gb Ripjaws 1600, Antec 430w psu, HVR 1600 tv tuner, custom case- marble top, oak face. Carver & DCM Time Window sound system. Mint 14 KDE.
- homerscousin
- Level 4
- Posts: 470
- Joined: Fri May 25, 2012 2:43 pm
- Location: Somewhere on planet Earth (mostly)
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 4 guests