I don't think I have seen a question like this posted here so here goes. I check my log files occasionally and in authentication log there are usually quite a few 'failed password for invalid user' or 'failed password for root' entries. Same IP, different port, ssh2. I made a change to my etc/ssh/sshd_config file some time ago changing the entry Permit Root Login from yes to no. I checked the log file an hour ago and still see many entries like this. I guess they are more annoying than actually dangerous. So, I added the following line to that file, recommended from a Google search.
MaxAuthTries 5
I don't know yet what effect that new line will have.
Just wondering if I should spend more time with this and maybe get into IP tables or other, or is this really commonplace and just an annoyance.
Security type question
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
-
homerscousin
Security type question
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
-
Olson
Re: Security type question
Sounds like the normal kind of "background noise" of the internet to me, nothing of great concern.
Make sure you choose decent passwords - remember length is more important than using upper / lower case and numerics and stuf like that, so long as you're not choosing words from the dictionary. https://www.grc.com/haystack.htm
There's a little app called fail2ban you can install, which basically bans hosts that make many failed connection attempts, if that make you feel any better. Worked well for me before I stopped caring
Make sure you choose decent passwords - remember length is more important than using upper / lower case and numerics and stuf like that, so long as you're not choosing words from the dictionary. https://www.grc.com/haystack.htm
There's a little app called fail2ban you can install, which basically bans hosts that make many failed connection attempts, if that make you feel any better. Worked well for me before I stopped caring
-
homerscousin
Re: Security type question
Yup. Kinda how I see this. Just background noise from dingbat brute force attempts around the world. I'll post in a week or so if that one added line has any effect.
-
homerscousin
Re: Security type question
Just to let people know, I have completely solved this. I used the advice from these 2 urls:
http://www.iana.org/assignments/service ... umbers.xml
http://www.thegeekstuff.com/2011/05/openssh-options/
I hesitate to post my exact solution, but you can quite easily figure it out. My auth log is now completely devoid of any unauthorized login attempts.
Edit: that one added line had no effect.
http://www.iana.org/assignments/service ... umbers.xml
http://www.thegeekstuff.com/2011/05/openssh-options/
I hesitate to post my exact solution, but you can quite easily figure it out. My auth log is now completely devoid of any unauthorized login attempts.
Edit: that one added line had no effect.
-
homerscousin
Re: Security type question
OK. Been a couple weeks. I changed a couple settings and the port assingment for ssh2. I have had 0 unauth log attempts in this time. It works. Wanted to make sure there were no complications before my final post.
-
homerscousin
Re: Security type question
Just wanted to add one more thing. UFW, uncomplicated firewall, is not enabled by default. This is a built-in firewall for Linux Mint. You have to open a terminal and enable it. See this URL, it may be helpful. http://www.linuxdistrocommunity.com/vid ... c3A5Dy4xE0