Re: [tor-relays] SSH
- To: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-relays] SSH
- From: George <george@xxxxxxxxxx>
- Date: Tue, 22 Sep 2020 14:34:30 -0400
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Tue, 22 Sep 2020 14:34:58 -0400
- In-reply-to: <fa6d0fea-03f7-9e19-01fc-736c18493a9d@yl.ms>
- List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
- List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
- References: <CAE5iq3i1KiyV+Cg63ixbHY7XD4BfmYKhL3B0APSWCanqSAPxqQ@mail.gmail.com> <fa6d0fea-03f7-9e19-01fc-736c18493a9d@yl.ms>
- Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
breaking the top-post....

> Hello
> I'm running a TOR relay, every time I SSH to my server I see a message
> that there were thousands of failed login attempts
> Do you see this message too?

This is one of those issues that you figure out your own preferred
method over time as you run public services over the internet.

First, where do you see the message? Not sure about your operating
system, but if it's dumping the failed logins to your screen and you're
on a Unix-like operating system, you should probably check your
/etc/syslog.conf. Dumping failed ssh logins to a file like
/var/log/authlog makes more sense.

Second, make sure you're following the basics with SSHD security.
Require keys or Yubikey etc and don't rely on password security for SSH
access.

You could consider fail2ban and similar tools, but consider either your
host-based firewall or better yet, an upstream network firewall.
Rate-limiting SSH attempts, blacklisting based on bogon addresses, etc,
will bring you part of the way.

IMHO, the less third-party software you install on a Tor relay, the
better off you are. More code means more surface area and more bugs.

The standard tenet of "there's no security with obscurity" rings true,
but we're talking about log noise here, not security. Therefore, you
might want to consider changing the TCP port SSHD is listening on. It
will likely decrease the noise level.

The great secret SSHD security hack that I feel uncomfortable mentioning
on a public list is... do SSH over IPv6 if you can. Seems like the bots
haven't caught up to that yet.
g
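
Added example, not part of the message above: once failed logins go to a file such as /var/log/authlog, a base-system shell and awk summary shows which sources produce the noise and how it splits between IPv4 and IPv6, with no third-party software. The function names and the log lines are constructed for illustration and assume OpenSSH's usual "Failed password for USER from ADDR port N ssh2" syslog format.

```shell
#!/bin/sh
# Added example: summarize failed SSH password logins per source address.
# The log lines below are constructed samples in OpenSSH's syslog format;
# on a real host, pass the file syslog writes auth messages to instead.

sample_log() {
cat <<'EOF'
Sep 22 14:01:02 relay sshd[4101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Sep 22 14:01:04 relay sshd[4101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Sep 22 14:01:09 relay sshd[4107]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Sep 22 14:01:15 relay sshd[4110]: Failed password for invalid user x from 192.0.2.99 from 203.0.113.5 port 51300 ssh2
Sep 22 14:02:30 relay sshd[4120]: Failed password for invalid user test from 2001:db8::bad port 60000 ssh2
Sep 22 14:03:00 relay sshd[4130]: Accepted publickey for george from 2001:db8::10 port 50000 ssh2
EOF
}

# Print "COUNT FAMILY ADDRESS", busiest source first.
# The user name in these lines is chosen by the client, so the address is
# taken by position from the END of the line ("from ADDR port N ssh2"),
# not from the first " from " that appears.
failed_by_source() {
    awk '
        / sshd\[[0-9]+\]: Failed password for / &&
        $NF == "ssh2" && $(NF-2) == "port" && $(NF-4) == "from" {
            count[$(NF-3)]++
        }
        END {
            for (a in count) {
                fam = (index(a, ":") > 0) ? "inet6" : "inet"
                print count[a], fam, a
            }
        }
    ' "$@" | sort -k1,1nr -k3,3
}

# Total failures for one address family ("inet" or "inet6").
failed_by_family() {
    fam=$1; shift
    failed_by_source "$@" | awk -v f="$fam" '$2 == f { n += $1 } END { print n + 0 }'
}

sample_log | failed_by_source
```

On a real host, run `failed_by_source /var/log/authlog` (or whichever file your syslog configuration writes auth messages to); the busiest addresses are the candidates for firewall rate-limiting.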