[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] SSH login attempts

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] SSH login attempts
From: Nathaniel Suchy <me@xxxxxxxxxxx>
Date: Tue, 4 Sep 2018 20:19:47 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 04 Sep 2018 20:20:13 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lunorian.is; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=aUtaL++Z3Rc3RnyHI5T/DwMOjGQ4zF7OA5Cp8nLFM20=; b=ePnPyOFO02ClxMIEwMoCHk/W6KkaBOb10KABcW5tjy1METowc6/kHoV4mAtUREBczR eCI9pmBHK7A+CxZtrVepki+9J9q58YOtzmC/Up4uGn+WEqgH0oOBA3qJ+jFrQBKdVZBR Ylheid7kJsLRbfx55lmZe7qqTpFqt/U4tlz/efVchijMYmS5EoDSwDrVf21CegtpbD+G mNZ2lJwD4l5tmq0SrIIXVwDsXXUk3lukVZtqGcbsnzCXhKzk/6yRCGDTpR7evFg2RhBp b4z7MmrULfy1TlIFXd+pIXSPSQD5I1cPzWzAdzKYyE9rKGcXLzmSf8Z1A6oT+fi8Xo36 cvSQ==
In-reply-to: <81E2BC08-12D8-4055-8E86-F0879A1B836F@bumponalog.info>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <9FAA393D-380B-4C0A-B4AF-76C0EE9E8BAD@mailbox.org> <732405187.141449.1536064730373.JavaMail.zimbra@apawc.com.au> <20180904124056.r7abkpapyq7u74mt@riseup.net> <81E2BC08-12D8-4055-8E86-F0879A1B836F@bumponalog.info>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

> Using an obscure port only prevents attempts being logged, nothing else. And if you’re going to use an alternate port, pick one under 1024. Make it so an attacker needs to be root before they replace your sshd process.

If you take that approach, make sure you are using a hardware firewall blocking inbound connections to ports above 1024.

Also SSH Keys, password auth disabled is enough - you don't even need to change your SSH port :D

On Tue, Sep 4, 2018 at 8:44 AM Sean Brown <just@xxxxxxxxxxxxxxx> wrote:

On Sep 4, 2018, at 8:40 AM, Natus <natus@xxxxxxxxxx> wrote:
>
>> Use some tool like fail2ban and/or ssh key authentication.
>
> Also change the default port of your ssh endpoint (eg: 2222)
>
>

Using an obscure port only prevents attempts being logged, nothing else. And if you’re going to use an alternate port, pick one under 1024. Make it so an attacker needs to be root before they replace your sshd process.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] SSH login attempts
  - From: Marcus Wahle
- Re: [tor-relays] SSH login attempts
  - From: Paul Templeton
- Re: [tor-relays] SSH login attempts
  - From: Natus
- Re: [tor-relays] SSH login attempts
  - From: Sean Brown

Prev by Author: Re: [tor-relays] Suspension of service (ISP Scaleway / tor exit)
Next by Author: Re: [tor-relays] Suspension of service (ISP Scaleway / tor exit)
Previous by thread: Re: [tor-relays] SSH login attempts
Next by thread: Re: [tor-relays] SSH login attempts
Index(es):
- Author
- Thread