Security


See also

Where to install ssh-agent?
A search for the right place on my system to install ssh-agent


Journal

20170722

Self-Encrypting Disks pose Self-Decrypting Risks
Investigation of hardware-based full disk encryption (FDE) drives (2012)

20060514

One day after allowing ssh, I can see brute-force login attempts in /var/log/messages:

...
May  2 22:17:16 mybox sshd[24451]: Did not receive identification string from 210.178.224.71
May  2 22:17:43 mybox sshd[24454]: Invalid user postgres from 210.178.224.71
May  2 22:17:46 mybox sshd[24456]: Invalid user accept from 210.178.224.71
May  2 22:17:48 mybox sshd[24458]: Invalid user leo from 210.178.224.71
May  2 22:17:51 mybox sshd[24460]: Invalid user zeppelin from 210.178.224.71
May  2 22:17:53 mybox sshd[24462]: Invalid user hacker from 210.178.224.71
May  2 22:17:56 mybox sshd[24464]: Invalid user olga from 210.178.224.71
May  2 22:17:59 mybox sshd[24466]: Invalid user boris from 210.178.224.71
May  2 22:18:01 mybox sshd[24468]: Invalid user mathew from 210.178.224.71
May  2 22:18:04 mybox sshd[24475]: Invalid user testing from 210.178.224.71
May  2 22:18:06 mybox sshd[24477]: Invalid user galaxy from 210.178.224.71
May  2 22:18:11 mybox sshd[24481]: Invalid user venice from 210.178.224.71
...

Installed chkrootkit and rkhunter.

Rkhunter gives me this warning:

* Check: SSH
   Searching for sshd_config...
   Found /etc/ssh/sshd_config
   Checking for allowed root login... Watch out Root login possible. Possible risk!
    info:
    Hint: See logfile for more information about this issue
   Checking for allowed protocols...                          [ Warning (SSH v1 allowed) ]

20060515

Fail2ban should hold off some of the brute-force attacks by modifying firewall rules on the fly.
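The counting idea behind that kind of blocking, as an added example (not part of the original journal and not Fail2ban's own code): tally sshd "Invalid user" lines per source address inside a sliding time window and report each address that crosses a threshold. The function name, the `max_retry`/`find_time` parameters and their values are assumptions of this example; the sample lines come from the log excerpt in the 20060514 entry, plus one constructed line.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Lines copied from the log excerpt on this page, plus one constructed line
# (192.0.2.10, a documentation address) that must stay below the threshold.
SAMPLE_LOG = """\
May  2 22:17:16 mybox sshd[24451]: Did not receive identification string from 210.178.224.71
May  2 22:17:43 mybox sshd[24454]: Invalid user postgres from 210.178.224.71
May  2 22:17:46 mybox sshd[24456]: Invalid user accept from 210.178.224.71
May  2 22:17:48 mybox sshd[24458]: Invalid user leo from 210.178.224.71
May  2 22:17:51 mybox sshd[24460]: Invalid user zeppelin from 210.178.224.71
May  2 22:17:53 mybox sshd[24462]: Invalid user hacker from 210.178.224.71
May  2 22:19:30 mybox sshd[24490]: Invalid user fvue from 192.0.2.10
"""

# The user name is chosen by the client, so the address is taken from the end of the line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>.*) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

def find_offenders(log_text, max_retry=5, find_time=600, year=2006):
    """Return {ip: timestamp of the line that crossed the threshold}.

    An address is reported once it produces max_retry "Invalid user" lines
    within find_time seconds. syslog omits the year, so it is passed in.
    """
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # other sshd messages are ignored here
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:   # drop attempts older than the window
            hits.popleft()
        if len(hits) >= max_retry and m["ip"] not in offenders:
            offenders[m["ip"]] = ts
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when}")
```

A real deployment would feed the reported addresses to a firewall rule with an expiry; this sketch stops at detection.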

Used the page "rootkit warnings - they serious? - LinuxQuestions.org" to secure my ssh (/etc/ssh/sshd_config). Also changed the port to a less obvious one:

PermitRootLogin no
# Don't forget to open this port in the firewall
Port xx
Protocol 2

Tips to Secure Linux Workstation | Ayman Hourieh's Blog

20060517

Looking for sshd AllowUser/DenyUser, the message "SecurityFocus Secure Shell: Re: AllowUser/DenyUser" directs me to pam.

20060604

Whitedust: Recent SSH Brute-Force Attacks

20060610

SSH: Pluggable Authentication Module (PAM) Submethod

20060611

SuSE Help | SUSE Linux Documentation (en) | Reference (en) | System | Authentication with PAM

20060612


It seems I can restrict SSH access in multiple places: firewall, sshd, pam, lids on my box and the firewall on my router.

+-----firewall-------+
|+----sshd----------+|
||+---pam----------+||
|||+--lids--------+|||
||||+-filesystem-+||||      +--firewall--+        _---------_
|||||+----------+|||||      |+----------+|       (           )
||||||  mybox   ++++++------++ myrouter ++------(   INTERNET  )
|||||+----------+|||||      |+----------+|       (_         _)
||||+------------+||||      +------------+         ---------
|||+--------------+|||
||+----------------+||
|+------------------+|
+--------------------+

From PenguinSecurity dot Net - SSH User Identities:

"The goal of using Identity/Pubkey authentication is to remove the need for static passwords. Instead of providing a password, which could be captured by a keystroke logger or witnessed as you type it, you have a key pair on your disk that you use to authenticate. Your account on the SSH server has a list of Identities/Pubkeys that it trusts, and if you can prove you have the public and private key then you are granted access without supplying a password."

How do I disable keyboard authentication?

From man sshd_config:

PasswordAuthentication
Specifies whether password authentication is allowed. The default is “yes”.

I can still log in by keyboard... The answer is in this thread: "Google Groups: comp.security.ssh - openssh-2.5.2p2 takes passwords with PasswordAuthentican no?"

20061008

Reset /etc/sshd_config:

#X11Forwarding no

See also: Where to install ssh-agent?
