[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Many SSH requests

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Many SSH requests
From: William Kane <ttallink@xxxxxxxxxxxxxx>
Date: Sat, 3 Apr 2021 18:45:59 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 04 Apr 2021 17:56:20 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-transfer-encoding; bh=2LC90VNr/qEnkyFerW+IBI16Cm2zLWUJuG2TxAr/YZk=; b=IWqfQvyf+swCr1kSlfx0tJUKfncJx0H7HJimNWvsEUBh1nVmYvQv8898UF3o15ixqN ID8XMSnAdEriMLgBow2wUxp3V+Rh3RPcKWignXHBiBTALfzP7ASGSZ8olaTkjLSA8YLR q5LWcHR1phW9Q85om7OL4dFyytZqClkSgPtXX4Rxijxz9aVL5qxMxLPWQMOn/Wi5CByz 8DXq1HT1Q0kOYyi1JD6DdIScb1MeaA8x7YZWCQRbobpRyDjulfpPwrbRbeYezn+8l1o5 rl4VZrogUdpukvvtFGb0VM9374YggP7WM4ddYLF96KXgam+XTvWvMukJ5sOc/5tVPrlY E4Ng==
In-reply-to: <CABUQM0eGhpsVZfKNg6MDs-UkgFvMPCCnpkP0MFbjBsUPJ4p8nw@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CABUQM0ffMXaEYYZPj2FOrEwgODtpH1q_qQTqqnFq9WsXoUhSqA@mail.gmail.com> <zwUG9a2MY0WVTo7pBWI1MsEu2gfhQmIfkgU0YymHfj9JabaUF8NYkbF1PDmjMU6TKpmO3IzKZkp2FOm7uscBhcG_9sfY0nPmwo1sFAyujx4=@virtadpt.net> <CABUQM0eGhpsVZfKNg6MDs-UkgFvMPCCnpkP0MFbjBsUPJ4p8nw@mail.gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,

Only allow public key authentication (preferably avoiding RSA, DSA and
ECDSA keys and just going for an Ed25519 one), disabling root login
and then creating an unprivileged user to work on the machine which
will be added to the AllowUsers directive in sshd_config will make
brute-forcing obsolete.

You might still want to move the port from 22 to anything random from
1024-65535 to get rid of the frequent log entries caused by servers
scanning for outdated or vulnerable sshd instances.

- William

On 02/04/2021, Cristiano Kubiaki Gomes <cristianockg@xxxxxxxxx> wrote:
> Thank you all for the recommendation. It took some time but I think I am
> relatively safer now.
>
> And also learned a lot. Much appreciated.
>
> All the best!
>
> On Fri 2 Apr 2021 at 11:40, The Doctor [412/724/301/703/415/510] <
> drwho@xxxxxxxxxxxx> wrote:
>
>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> On Wednesday, March 31, 2021 9:35 AM, Cristiano Kubiaki Gomes <
>> cristianockg@xxxxxxxxx> wrote:
>>
>> O noticed many ssh requests to my Debian VM running a Relay and I am
>> wondering if this is normal or if this is happening only with me.
>> Anyone else see this ssh attemptives? Is it normal?
>>
>>
>> Yup, it's background radiation on the Internet.  We all get them.
>>
>> If SSH key authentication only isn't enabled, turn it on.  Change the
>> port
>> sshd is listening on.
>> Set up fail2ban to further protect the new port (I get a lot of portscans
>> hammering my nodes
>> looking for the new sshd port followed by brute force attempts, so may as
>> well cut 'em off
>> at the knees).
>>
>> Or set up a hidden service for sshd on the box and reconfigure it to
>> listen on the loopback only.
>> You'll only be able to SSH in over the Tor network after that, but it'll
>> cut the login attempts way
>> down.
>>
>> The Doctor [412/724/301/703/415/510]
>> WWW: https://drwho.virtadpt.net/
>> The old world is dying, and the new world struggles to be born. Now is
>> the
>> time of monsters.
>>
>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> --
> Cristiano Kubiaki
> Telegram <https://telegram.me/cris_kubiaki> | LinkedIn
> <https://www.linkedin.com/in/cristianokubiaki/> | Twitter
> <https://twitter.com/criskubiaki>
> ITIL - MCP - MCDST - MCTS - DCSE
>
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- Re: [tor-relays] Many SSH requests
  - From: The Doctor [412/724/301/703/415/510]
- Re: [tor-relays] Many SSH requests
  - From: Cristiano Kubiaki Gomes

Prev by Author: Re: [tor-relays] Is OVH a safe vps provider to run an exit relay on?
Next by Author: Re: [tor-relays] tor relay issue on windows 10
Previous by thread: Re: [tor-relays] Many SSH requests
Next by thread: Re: [tor-relays] Is OVH a safe vps provider to run an exit relay on?
Index(es):
- Author
- Thread